关联漏洞
标题:
polkit 代码问题漏洞
(CVE-2021-3560)
描述:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则,实现不同优先级进程间的通讯。 polkit 存在代码问题漏洞,该漏洞源于当请求进程在调用polkit_system_bus_name_get_creds_sync之前断开与dbus-daemon的连接时,该进程无法获得进程的唯一uid和pid,也无法验证请求进程的特权。
描述
Part of my cybersecurity thesis consists in exploring and exploiting this vulnerability.
介绍
# Description
As part of my cybersecurity thesis I wanted to create an exploit for a vulnerability.
I HIGHLY recommend reading this guide, as this exploit is based on it:
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Also, check out this repo, as i took inspiration from it:
https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py
This code is by no means perfect, sometimes it gets a bit buggy if you set a password for the new user.
I recommend NOT setting a password.
If it does not create a new user, simply retry a few times and it will eventually work.
if you have any advices on how to improve this code, please, feel free to share them :) !
# Disclaimer
The tools and exploits provided in this repository are released for educational and research purposes only.
The author is not responsible for any misuse or damage that may be caused by the tools or exploits.
Users are strongly encouraged to use these resources responsibly and ethically, adhering to applicable laws and regulations.
The author supports ethical hacking and responsible disclosure, and strongly discourages malicious use of these resources.
By using this repository, you agree that you understand the contents of this disclaimer and that you will comply with the terms and conditions outlined.
文件快照
[4.0K] /data/pocs/2106dd51da1733bd2a832835e125b71c73963030
├── [4.1K] exploitBAD.py
├── [3.2K] exploit.py
├── [1.0K] LICENSE
└── [1.3K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。