id: privesc-torsocks info: name: Torsocks - Privilege Escalation author: daffainfo severity: high description: | torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications. reference: - https://gtfobins.github.io/gtfobins/torsocks/ metadata: verified: true max-request: 3 tags: code,linux,torsocks,privesc,local self-contained: true code: - engine: - sh - bash source: | whoami - engine: - sh - bash source: | torsocks whoami - engine: - sh - bash source: | sudo torsocks whoami matchers-condition: and matchers: - type: word part: code_1_response words: - "root" negative: true - type: dsl dsl: - 'contains(code_2_response, "root")' - 'contains(code_3_response, "root")' condition: or # digest: 4a0a004730450221009508b116a8d191c5652f0f02943050fa0c1ef20aa0c49c6e7b6ad79000fb62ea02205d89591a5d546bea451db17a3b0401ef437c788396431e8e28526f90e54ed07c:922c64590222798bb761d5b6d8e72950