For educational and authorized security research purposes only.
@UNICORDev by (@NicPWNs and @Dev-Yeoj)
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Use this exploit on a system with vulnerable Polkit software to add a new user with Sudo privileges. Specify a custom username and/or password as CLI arguments, if desired. Once the new user is created, `su` to this user and `sudo su` for full root privileges.
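Because the outcome described above is a new account with sudo rights, a defender can look for admin-group members that are not on an approved list. The following is an added example, not code from this repository; the group names in `ADMIN_GROUPS`, the baseline set, and the sample file contents are constructed assumptions, and sudoers rules outside these groups are not covered.

```python
# Added example (not from the exploit repo): report accounts that hold
# sudo-capable group membership but are missing from an approved baseline.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: groups granted sudo on this host

def admin_members(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {username: [admin groups]} from /etc/passwd and /etc/group contents."""
    admin_gids, members = {}, {}
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or fields[0] not in admin_groups:
            continue  # malformed line or not an admin group
        name, _, gid, users = fields
        admin_gids[gid] = name
        for user in filter(None, users.split(",")):
            members.setdefault(user, set()).add(name)
    # A user whose primary GID is an admin group is not listed in /etc/group,
    # so check the GID field of /etc/passwd as well.
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[3] in admin_gids:
            members.setdefault(fields[0], set()).add(admin_gids[fields[3]])
    return {user: sorted(groups) for user, groups in members.items()}

def unexpected_admins(passwd_text, group_text, baseline):
    """Admin-group members that are absent from the approved baseline set."""
    found = admin_members(passwd_text, group_text)
    return {user: groups for user, groups in found.items() if user not in baseline}

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:998:27::/var/lib/backup:/usr/sbin/nologin
newadmin:x:1001:1001::/home/newadmin:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,newadmin
alice:x:1000:
newadmin:x:1001:
"""

if __name__ == "__main__":
    for user, groups in unexpected_admins(SAMPLE_PASSWD, SAMPLE_GROUP, {"alice"}).items():
        print(f"unexpected admin account: {user} ({', '.join(groups)})")
```

To audit a real host, pass the contents of `/etc/passwd` and `/etc/group` and a baseline taken from your own account inventory.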
python3 exploit-CVE-2021-3560.py [-u <username> -p <password>]
python3 exploit-CVE-2021-3560.py -h
-u Custom username. Provide username to be created. (Optional)
-p Custom password. Provide password to be configured for user. (Optional)
-h Show this help menu.
Download exploit-CVE-2021-3560.py Here
- python3
- accountsservice
- gnome-control-center
- openssl
- sudo
User in privileged `wheel` group.
Polkit Version 0.105 (Ubuntu 20.04.2 LTS)
Polkit Versions 0.0 - 0.118
apt install accountsservice gnome-control-center openssl sudo
`ssh localhost` to avoid this issue.