Related vulnerability
Title:
polkit code issue vulnerability
(CVE-2021-3560)
Description: polkit is a component that controls system-wide privileges in Unix-like operating systems. By defining and auditing permission rules, it enables communication between processes of different privilege levels. polkit contains a code issue vulnerability: when the requesting process disconnects from dbus-daemon before polkit_system_bus_name_get_creds_sync is called, polkit cannot obtain that process's unique uid and pid and therefore cannot verify the requesting process's privileges.
Description
This is an exercise built around CVE-2021-3560
Introduction
# 🛡️ CVE-2021-3560 Privilege Escalation Exercise
<p align="center">
<img width="411" alt="ss-icon" src="https://github.com/user-attachments/assets/f61d1fbc-abae-4fc9-ac7a-ee9d2be20a9b" />
</p>
---
## 📚 Overview
This repository contains materials for a hands-on cybersecurity exercise centered on **CVE-2021-3560**, a privilege escalation vulnerability in **polkit**.
Discovered by GitHub Security Lab in 2021, this flaw allowed unprivileged Linux users to gain root access by exploiting a **race condition** in user credential handling.
The vulnerability affected multiple Linux distributions and was patched in mid-2021.
---
## 🎮 Scenario: *"Sidewinder Swifty's Silent Escalation"*
You are **Sidewinder Swifty** — a sly cyber-infiltrator known for slipping past digital defenses. You've gained low-level access to a target Ubuntu 20.04 machine. Your mission:
- Exploit CVE-2021-3560
- Escalate privileges to root
- Maintain access and **leave no trace**
> ⚠️ Precision and timing are key. Success depends on your ability to emulate real-world attacker tradecraft.
---
## 🧠 Learning Objectives
This exercise will guide you through practical offensive security concepts, including:
- 🔼 **Privilege Escalation** – Gaining unauthorized administrative access
- ⏱️ **Race Conditions** – Exploiting timing-based flaws
- 📖 **CVE Exploitation** – Leveraging public vulnerabilities
- 🧬 **Persistence** – Maintaining access after compromise
- 👤 **User Obfuscation** – Masking your identity and actions
- 🎭 **Privilege Masquerading** – Posing as a legitimate system user
- 🔁 **File Transfer** – Using `scp` and `netcat`
- 📦 **Compression** – Archiving with `tar`
- 🔍 **Sensitive File Access** – Reading protected system files
- 🧾 **Log Manipulation** – Editing logs to cover your tracks
- 🕵️ **Anti-Forensics** – Evading forensic analysis
- 🧨 **Threat Actor Simulation** – Reproducing attacker TTPs (Tactics, Techniques, Procedures)
---
## 🎯 Expected Outcomes
By completing this challenge, you will:
- Gain hands-on experience exploiting **privilege escalation vulnerabilities**
- Understand the **importance of secure permissions and patch management**
- Practice **realistic post-exploitation tactics**
- Learn how attackers **maintain stealth and persistence**
- See firsthand why **timely system updates** are critical for defense
---
## ⚠️ Disclaimer
> This project is intended for **educational and ethical research purposes only**.
> Do **not** use these techniques on systems you do not own or have explicit permission to test. Unauthorized access is illegal and unethical.
[Watch the demo on YouTube](https://www.youtube.com/watch?v=xLK27EJkNv0)
File snapshot
[4.0K] /data/pocs/0c161bfb1533dd4b375c08ff77a8015f4844cb1d
├── [1.0K] LICENSE
├── [ 38K] OperationSS_Instructions.docx
├── [2.7M] OperationSS_Poster.pptx
├── [8.3M] OperationSS_Presentation.pptx
└── [2.8K] README.md
0 directories, 5 files
Notes
1. It is recommended to access the material through the original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.