If you are a pentester or just loves playing CTF in HTB or THM, you may want to try this tool. This automates your linux privesc rabbit hole and its very easy to use.

You can check out the creator of Traitor by going to his GitHub page….https://github.com/liamg/traitor. Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities in order to pop a root shell:

  • Nearly all of GTFOBins
  • Writeable docker.sock
  • CVE-2022–0847 (Dirty pipe)
  • CVE-2021–4034 (pwnkit)
  • CVE-2021–3560
  1. Install Traitor
  2. Run it (./traitor) without any switches
  3. It should then enumerate what vulnerabilities are present

4. Just type ./traitor again but this time include the specific enumerated vulnerability. in my case its kernel:CVE-2022–0847:

./traitor — exploit:kernel:CVE-2022–0847

--

--