CVE-2018-19788

This PoC leverages CVE-2018-19788, a vulnerability in polkit/systemd where users with a UID over INT_MAX can execute privileged systemctl commands. The exploit allows reading protected files (e.g., /etc/shadow) without a root shell by abusing systemd-run.

This PoC exploits CVE-2018-19788, a privilege escalation vulnerability in PolKit, by creating a malicious systemd service that spawns a reverse shell. It requires a user with a UID > INT_MAX or sufficient permissions to create users.

This PoC exploits CVE-2018-19788, a local privilege escalation vulnerability in PolicyKit (polkit) version 0.115. It creates a malicious systemd service to escalate privileges by adding the current user to a privileged group (e.g., sudo, admin, or wheel).

This PoC exploits CVE-2018-19788, a PolicyKit vulnerability, by creating a user with a high UID to bypass authentication and escalate privileges. It demonstrates privilege escalation by modifying systemd services to set the SUID bit on `/usr/bin/find` and then using it to read sensitive files and gain root access.

This repository contains a functional Ansible role and PoC script for CVE-2018-19788, a local privilege escalation vulnerability in PolicyKit (polkit) version 0.115. The exploit leverages a UID overflow to gain elevated privileges by creating a malicious systemd service.