liamg / traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
MIT License

Examples of how to misconfigure boxes #33

Closed dmuth closed 2 years ago

dmuth commented 3 years ago

The tool looks neat, but I tried running it on a fresh Vagrant instance as an unprivileged user and didn't see much:

image

Of course, it's a stock install and there are no services running on the box, but I think it would be neat if there were some instructions on example misconfigurations that could be made on a throwaway VM for Traitor to exploit.

If you're willing to give me a list, I'd be happy to add some examples into the README and submit a PR!

liamg commented 3 years ago

Awesome idea!

So almost all of the current issues that traitor abuses are sudoers misconfigurations. One such example is allowing a specific user - in this case loser - to run vim as the root user. This could be done by adding the following line to /etc/sudoers (by running visudo as root).

loser ALL=(ALL) NOPASSWD: /usr/bin/vim

Running traitor as the loser user should then pop a root shell via vim.
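
A defender-side check for the kind of sudoers entry described above, as an added example that is not part of the original thread or the traitor project. The `audit_sudoers` function, the binary list and the sample file are constructed for illustration; the parser covers simple user specifications only (no alias expansion, no escaped commas).

```python
import os
import re

# Illustrative subset of binaries with well-known shell escapes under sudo
# (an assumption for this example; not traitor's own list).
SHELL_ESCAPE = {"vim", "vi", "less", "more", "man", "find", "awk"}

SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")

# Constructed sample sudoers content; the "loser" line is the one from the thread.
SAMPLE = r"""Defaults env_reset
loser ALL=(ALL) NOPASSWD: /usr/bin/vim
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, \
    /usr/bin/less /var/log/app.log
backup ALL=(root) /usr/bin/find
"""

def audit_sudoers(text):
    """Return (user, runas, command, nopasswd) for each risky command grant."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)            # join continuation lines
    for line in map(str.strip, text.splitlines()):
        first = line.split(None, 1)[0] if line else ""
        if not line or first.startswith(("#", "@", "Defaults")) or first.endswith("_Alias"):
            continue                                # comments, includes, settings, aliases
        m = SPEC.match(line)
        if not m:
            continue
        user, _host, runas, cmds = m.groups()
        nopasswd = False                            # a tag carries over to later commands
        for cmd in (c.strip() for c in cmds.split(",")):
            t = TAGS.match(cmd)
            if t:
                for tag in re.findall(r"[A-Z_]+", t.group(1)):
                    if tag in ("NOPASSWD", "PASSWD"):
                        nopasswd = tag == "NOPASSWD"
                cmd = t.group(2).strip()
            binary = os.path.basename(cmd.split()[0]) if cmd else ""
            if cmd == "ALL" or binary in SHELL_ESCAPE:
                findings.append((user, runas or "root", cmd, nopasswd))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Entries reported with `nopasswd` set to `True` are the ones that match the misconfiguration in the comment above; the others still grant a shell-capable binary but require the user's password.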

dmuth commented 3 years ago

Fantastic, thanks!