Torsocks - Privilege Escalation
ID: privesc-torsocks
Severity: high
Author: daffainfo
Tags: code,linux,torsocks,privesc,local
Description
Section titled “Description”torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications.
YAML Source
Section titled “YAML Source”id: privesc-torsocks
info: name: Torsocks - Privilege Escalation author: daffainfo severity: high description: | torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications. reference: - https://gtfobins.github.io/gtfobins/torsocks/ metadata: verified: true max-request: 3 tags: code,linux,torsocks,privesc,local
self-contained: truecode: - engine: - sh - bash source: | whoami
- engine: - sh - bash source: | torsocks whoami
- engine: - sh - bash source: | sudo torsocks whoami
matchers-condition: and matchers: - type: word part: code_1_response words: - "root" negative: true
- type: dsl dsl: - 'contains(code_2_response, "root")' - 'contains(code_3_response, "root")' condition: or# digest: 4b0a00483046022100ac1de5a9dcc4e73ade7634d18ef342355ec79cba1816a8408415ef6dab7f5fd5022100d8f9e2c6eb930d11242b8414423e2b407e9aa0561a01e97d3591a23d002d7544:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "code/privilege-escalation/linux/binary/privesc-torsocks.yaml"