<h1 style="font-size:10vw" align="left">CVE-2021-3560 - Polkit Local Privilege Escalation</h1>
<img src="https://img.shields.io/badge/CVSS:3.1%20Score%20-7.8 HIGH-red"> <img src="https://img.shields.io/badge/Vulnerability%20Types%20-Privilege%20Escalation-blue"> <img src="https://img.shields.io/badge/Tested%20On%3F-Ubuntu%2020.04.1-blued"> <img src="https://img.shields.io/badge/-Ubuntu%2020.04.2-blued">
******
⚠️ *For educational and authorized security research purposes only*
## Original Exploit Authors
Very grateful to the original PoC author [@UNICORDev](https://unicord.dev) by ([@NicPWNs](https://github.com/NicPWNs) and [@Dev-Yeoj](https://github.com/Dev-Yeoj))
## Description
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
## Demo
******
## Step Guides
1. Install git, then clone the script from the github repository:
```bash
sudo apt install git python3 -y
git clone https://github.com/asepsaepdin/CVE-2021-3560.git
```
2. Run the PoC script using command:
```bash
python3 exploit-CVE-2021-3560.py -u hacker -p password
```
> **Notes**: specify -u options with the intended username and -p options with the intended password
3. Verify the created user using command:
```bash
su hacker
id
```
******
## Credits
- https://nvd.nist.gov/vuln/detail/CVE-2021-3560
- https://app.hackthebox.com/machines/Paper
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view