liamg/traitor

Examples of how to misconfigure boxes

dmuth opened this issue · 2 comments

dmuth commented

The tool looks neat, but I tried running it on a fresh Vagrant instance as an unprivileged user and didn't se emuch:

image

Of course, it's a stock install and there are no services running on the box, but I think it would be neat if there were some instructions on example misconfigurations that could be made on a throwaway VM for Traitor to exploit.

If you're willing to give me a list, I'd be happy to add some examples into the README and submit a PR!

liamg commented

Awesome idea!

So almost all of the current issues that traitor abuses are sudoers misconfigurations. One such example is allowing a specific user - in this case loser - to run vim as the root user. This could be done by adding the following line to /etc/sudoers (by running visudo as root).

loser ALL=(ALL) NOPASSWD: /usr/bin/vim

Running traitor as the loser user should then pop a root shell via vim.

dmuth commented

Fantastic, thanks!