NOMISEC-aancw/polkit-auto-exploit

NOMISEC WORKING POC

Exploit for CVE-2021-3560 - polkit - Privilege Escalation

AI Analysis

This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in polkit. The exploit automates the creation of a privileged user and sets a password via DBus method calls, leveraging a race condition in polkit's authentication mechanism.

Attack Type

LPE

Complexity

moderate

Reliability

racy

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.003 - Sudo and Sudo Caching

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type local

Files 4

https://github.com/aancw/polkit-auto-exploit

Stars 5

Forks 0

Last Push Aug 24, 2021

Authors

aancw Petruknisme

Vulnerability

CVE-2021-3560

polkit - Privilege Escalation

HIGH KEV

CVSS 7.8