Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent polkit CVE-2021-3560. More routes to root will be added over time too.
exploit infosec privilege-escalation security-tools privesc hackthebox gtfobins redteam-tools cve-2021-3560A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. For pre-compiled local linux exploits, check out https://www.kernel-exploits.com.
exploits privesc sql mysql hacking pentesting bugbountypspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers it's info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
ctf pentesting privesc enumerationOffline command line lookup utility for GTFOBins and LOLBAS. Whilst GTFOBLookup will run in Python2.7, some features require Python3.
pentesting redteam privesc pentesting-tools gtfobins lolbas
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.