torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications.
PoC代码[已公开]
id: privesc-torsocks
info:
name: Torsocks - Privilege Escalation
author: daffainfo
severity: high
description: |
torsocks is a wrapper that enables the use of the Tor network for any program, including those that do not natively support proxy settings. It intercepts and redirects network calls from the target program through the Tor network, providing a way to anonymize the network traffic of various applications.
reference:
- https://gtfobins.github.io/gtfobins/torsocks/
metadata:
verified: true
max-request: 3
tags: code,linux,torsocks,privesc,local
self-contained: true
code:
- engine:
- sh
- bash
source: |
whoami
- engine:
- sh
- bash
source: |
torsocks whoami
- engine:
- sh
- bash
source: |
sudo torsocks whoami
matchers-condition: and
matchers:
- type: word
part: code_1_response
words:
- "root"
negative: true
- type: dsl
dsl:
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
condition: or
# digest: 4b0a00483046022100ac1de5a9dcc4e73ade7634d18ef342355ec79cba1816a8408415ef6dab7f5fd5022100d8f9e2c6eb930d11242b8414423e2b407e9aa0561a01e97d3591a23d002d7544:922c64590222798bb761d5b6d8e72950