POC详情: 4f05e7622db61a7887bbea46c11441375d3a3e33

来源
https://github.com/asepsaepdin/CVE-2021-3560
关联漏洞
标题: polkit 代码问题漏洞 (CVE-2021-3560)
描述:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则,实现不同优先级进程间的通讯。 polkit 存在代码问题漏洞,该漏洞源于当请求进程在调用polkit_system_bus_name_get_creds_sync之前断开与dbus-daemon的连接时,该进程无法获得进程的唯一uid和pid,也无法验证请求进程的特权。
介绍
<h1 style="font-size:10vw" align="left">CVE-2021-3560 - Polkit Local Privilege Escalation</h1>


<img src="https://img.shields.io/badge/CVSS:3.1%20Score%20-7.8 HIGH-red"> <img src="https://img.shields.io/badge/Vulnerability%20Types%20-Privilege%20Escalation-blue"> <img src="https://img.shields.io/badge/Tested%20On%3F-Ubuntu%2020.04.1-blued"> <img src="https://img.shields.io/badge/-Ubuntu%2020.04.2-blued">


******
⚠️ *For educational and authorized security research purposes only*


## Original Exploit Authors
Very grateful to the original PoC author [@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))


## Description
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

## Demo
![polkit](https://github.com/asepsaepdin/CVE-2021-3560/assets/122620685/224164df-81aa-4864-8f0d-55777d79a76a)


******
## Step Guides
1. Install git, then clone the script from the github repository:

    ```bash
   sudo apt install git python3 -y
   git clone https://github.com/asepsaepdin/CVE-2021-3560.git
   ```
    
2. Run the PoC script using command:

   ```bash
   python3 exploit-CVE-2021-3560.py -u hacker -p password
   ```

   > **Notes**: specify -u options with the intended username and -p options with the intended password

3. Verify the created user using command:
   ```bash
   su hacker
   id
   ```
   
******
## Credits
- https://nvd.nist.gov/vuln/detail/CVE-2021-3560
- https://app.hackthebox.com/machines/Paper
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py
文件快照

 [4.0K]  /data/pocs/4f05e7622db61a7887bbea46c11441375d3a3e33
├── [7.3K]  exploit-CVE-2021-3560.py
└── [1.9K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。