49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
id: privesc-torsocks
|
|
|
|
info:
|
|
name: Torsocks - Privilege Escalation
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications.
|
|
reference:
|
|
- https://gtfobins.github.io/gtfobins/torsocks/
|
|
metadata:
|
|
verified: true
|
|
max-request: 3
|
|
tags: code,linux,torsocks,privesc,local
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
torsocks whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo torsocks whoami
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: code_1_response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(code_2_response, "root")'
|
|
- 'contains(code_3_response, "root")'
|
|
condition: or
|
|
# digest: 4a0a004730450221009508b116a8d191c5652f0f02943050fa0c1ef20aa0c49c6e7b6ad79000fb62ea02205d89591a5d546bea451db17a3b0401ef437c788396431e8e28526f90e54ed07c:922c64590222798bb761d5b6d8e72950 |