Break out from Tor Connection
If an attacker is controlling Tor Connection, they can trivially escape the sandbox. For example, they can write to /home/amnesia/.bashrc, resulting in commands being executed as soon as a user opens a terminal.
Setup
As root:
sed -i s+/usr/lib/python3/dist-packages/tca/application.py+/attack.py
And create /attack.py with this content:
import os
os.execlp("/bin/bash", "bash")
Now, when you run sudo /usr/local/bin/tca, you get a shell that simulates what an attacker can do.
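To confirm whether a sandbox change closes this hole, the following added check (not part of the original report or of Tails) can be run with python3 from the simulated shell described above: it lists which bash start-up files in a home directory the current process could modify or create. The file list, the function names and the default home path taken from the example above are assumptions of this sketch.

```python
import os
import sys

# Assumption for this example: files bash reads automatically when an
# interactive or login shell starts.
STARTUP_FILES = (".bashrc", ".bash_profile", ".bash_login", ".profile")


def can_plant(path):
    """Return True if the current process could modify or create `path`."""
    # An existing file that is directly writable is exposed.
    # os.access follows symlinks, so a link to a writable target counts.
    if os.path.lexists(path) and os.access(path, os.W_OK):
        return True
    # A missing or read-only file is still exposed when its parent
    # directory is writable: it can be created, or replaced via rename.
    parent = os.path.dirname(path) or "."
    return os.access(parent, os.W_OK | os.X_OK)


def exposed_startup_files(home):
    """List the start-up files under `home` that this process can plant."""
    return [name for name in STARTUP_FILES
            if can_plant(os.path.join(home, name))]


if __name__ == "__main__":
    # Default to the home directory named in the report.
    home = sys.argv[1] if len(sys.argv) > 1 else "/home/amnesia"
    exposed = exposed_startup_files(home)
    for name in exposed:
        print("WRITABLE from sandbox:", os.path.join(home, name))
    # Non-zero exit status makes the check usable in a regression test.
    sys.exit(1 if exposed else 0)
```

An empty result means the home directory is either absent from the sandbox's filesystem view or mounted read-only there.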