nomisec
WORKING POC
125 stars
by Almorabea · local
https://github.com/Almorabea/Polkit-exploit
This repository contains a functional exploit for CVE-2021-3560, a privilege escalation vulnerability in polkit. The exploit leverages a race condition to bypass authentication and create a privileged user via DBus calls to accountsservice.
Classification
Working Poc 100%
Target:
polkit (systemd component)
No auth needed
Prerequisites:
Local access to a vulnerable Linux system with polkit installed
nomisec
WORKING POC
124 stars
by secnigma · local
https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation
This repository contains a functional Bash script that automates the exploitation of CVE-2021-3560, a privilege escalation vulnerability in Polkit. The script leverages a race condition to create a new user with sudo privileges by manipulating D-Bus messages.
Classification
Working Poc 95%
Target:
Polkit versions 0.113 (or later) or 0-105-26 (Debian fork)
No auth needed
Prerequisites:
SSH or non-graphical session access · accountsservice and gnome-control-center installed · vulnerable Polkit version
nomisec
WORKING POC
117 stars
by RicterZ · local
https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent
This repository contains a functional Go-based exploit for CVE-2021-3560, a Polkit privilege escalation vulnerability. The exploit registers a malicious authentication agent to bypass Polkit's authentication mechanism, allowing an unprivileged user to gain root access via systemd service manipulation.
Classification
Working Poc 95%
Target:
Polkit (policykit-1) versions before 0.120
No auth needed
Prerequisites:
Local access to a vulnerable Linux system · Go runtime for compilation
nomisec
WRITEUP
82 stars
by swapravo · local
https://github.com/swapravo/polkadots
This repository provides a description and usage instructions for a local privilege escalation exploit (CVE-2021-3560) affecting polkit. It does not contain actual exploit code but references the vulnerability and its impact on multiple Linux distributions.
Classification
Writeup 90%
Target:
polkit (pkexec)
Auth required
Prerequisites:
Local access to a vulnerable system · User interaction to execute the exploit
nomisec
WORKING POC
38 stars
by hakivvi · local
https://github.com/hakivvi/CVE-2021-3560
The repository contains a C-based exploit for CVE-2021-3560, a polkit authentication bypass vulnerability. The exploit leverages a race condition where a process exits immediately after sending a DBus message, causing polkit to incorrectly assume the caller is root (UID 0).
Classification
Working Poc 95%
Target:
polkit (systemd component)
No auth needed
Prerequisites:
Unprivileged user access · polkit version vulnerable to CVE-2021-3560
nomisec
WORKING POC
24 stars
by winmin · poc
https://github.com/winmin/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a PolicyKit (polkit) vulnerability that allows local privilege escalation. The exploit registers a malicious authentication agent to bypass polkit's authentication mechanism and gain root access.
Classification
Working Poc 95%
Target:
PolicyKit (polkit) versions before 0.119
No auth needed
Prerequisites:
Local access to a vulnerable system · Compilation dependencies (dbus, dbus-glib, gio)
nomisec
WRITEUP
24 stars
by AssassinUKG · local
https://github.com/AssassinUKG/Polkit-CVE-2021-3560
This repository provides a detailed technical analysis of CVE-2021-3560, a privilege escalation vulnerability in Polkit. It explains the root cause (mishandling of DBus message IDs leading to UID substitution) and includes step-by-step exploitation instructions for Ubuntu 20.04.
Classification
Writeup 100%
Target:
Polkit (policykit-1) versions before 0.105-26ubuntu1.1
No auth needed
Prerequisites:
Access to a vulnerable system with Polkit version 0.105-26ubuntu1 or earlier · Ability to execute commands as an unprivileged user
nomisec
WORKING POC
11 stars
by UNICORDev · local
https://github.com/UNICORDev/exploit-CVE-2021-3560
This repository contains a functional Python exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit leverages a flaw in Polkit's D-Bus request handling to create a new user with sudo privileges, bypassing credential checks.
Classification
Working Poc 95%
Target:
Polkit versions 0.0 - 0.118
No auth needed
Prerequisites:
python3 · accountsservice · gnome-control-center · openssl · sudo
nomisec
WORKING POC
9 stars
by 0dayNinja · local
https://github.com/0dayNinja/CVE-2021-3560
This is a functional Metasploit module that exploits CVE-2021-3560, a local privilege escalation vulnerability in Polkit. It leverages a race condition in the D-Bus authentication mechanism to add a new user with sudo privileges and execute arbitrary commands as root.
Classification
Working Poc 100%
Target:
Polkit (pkexec) versions before the patch
No auth needed
Prerequisites:
Local access to a vulnerable Linux system · D-Bus and Polkit installed · Non-root user session
nomisec
WRITEUP
9 stars
by chenaotian · poc
https://github.com/chenaotian/CVE-2021-3560
This repository provides a detailed technical analysis of CVE-2021-3560, a race condition vulnerability in PolKit (polkitd) leading to local privilege escalation. It includes root cause analysis, code snippets, and a breakdown of the vulnerability's trigger path.
Classification
Writeup 95%
Target:
PolKit (polkitd) versions 0.113 and later
No auth needed
Prerequisites:
Local access to a vulnerable Linux system with dbus and polkitd running
nomisec
WORKING POC
5 stars
by aancw · local
https://github.com/aancw/polkit-auto-exploit
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in polkit. The exploit automates the creation of a privileged user and sets a password via DBus method calls, leveraging a race condition in polkit's authentication mechanism.
Classification
Working Poc 95%
Target:
polkit (versions 0.113 and later, including Debian/Ubuntu forks)
No auth needed
Prerequisites:
Local access to a vulnerable system · polkit version 0.113 or later · dbus-send utility available
nomisec
WORKING POC
2 stars
by cpu0x00 · poc
https://github.com/cpu0x00/CVE-2021-3560
This repository contains a functional exploit script for CVE-2021-3560, a Polkit privilege escalation vulnerability. The script uses D-Bus to create a new user and set a password, leveraging a race condition in Polkit's pkexec.
Classification
Working Poc 90%
Target:
Polkit (pkexec) on Ubuntu
No auth needed
Prerequisites:
Access to a vulnerable system with Polkit installed · D-Bus access
nomisec
WORKING POC
2 stars
by BizarreLove · local
https://github.com/BizarreLove/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in PolicyKit. The exploit leverages D-Bus to create a new user with administrative privileges and sets a password for that user.
Classification
Working Poc 95%
Target:
PolicyKit (policykit-1) on Ubuntu 20.04/21.04
No auth needed
Prerequisites:
Local access to the target system · PolicyKit version vulnerable to CVE-2021-3560
nomisec
WORKING POC
2 stars
by Kyyomaa · local
https://github.com/Kyyomaa/CVE-2021-3560-EXPLOIT
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages a race condition to create a new user with root privileges via D-Bus calls.
Classification
Working Poc 95%
Target:
Polkit (pkexec) before version 0.120
No auth needed
Prerequisites:
Local access to a vulnerable Linux system with Polkit installed
nomisec
WRITEUP
2 stars
by LucasPDiniz · local
https://github.com/LucasPDiniz/CVE-2021-3560
This repository provides a detailed technical analysis of CVE-2021-3560, a privilege escalation vulnerability in Polkit. It explains the root cause involving D-Bus message handling and includes step-by-step exploitation instructions, but does not contain functional exploit code.
Classification
Writeup 95%
Target:
Polkit versions 0.113 and later
No auth needed
Prerequisites:
Local access to a vulnerable system · D-Bus and Polkit installed
nomisec
WORKING POC
by arcslash · local
https://github.com/arcslash/exploit_CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a race condition in polkit's dbus interface that allows local privilege escalation to root. The exploit creates a new user with root privileges by timing the termination of a dbus-send process.
Classification
Working Poc 95%
Target:
polkit (version affected by CVE-2021-3560)
No auth needed
Prerequisites:
Local access to the target system · polkit installed and running
nomisec
WORKING POC
by MandipJoshi · local
https://github.com/MandipJoshi/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in polkit. The exploit leverages a race condition to create a new user with root privileges by manipulating D-Bus calls to the Accounts service.
Classification
Working Poc 95%
Target:
polkit version 0.105-26
Auth required
Prerequisites:
SSH connection to localhost · Vulnerable polkit version installed
nomisec
WORKING POC
by Antoine-MANTIS · local
https://github.com/Antoine-MANTIS/POC-Bash-CVE-2021-3560
This repository contains a functional bash script that exploits CVE-2021-3560, a local privilege escalation vulnerability in polkit. The exploit leverages a race condition in the dbus interface to create a new user with administrative privileges.
Classification
Working Poc 95%
Target:
polkit <= 0.119
No auth needed
Prerequisites:
dbus-send · pkexec · vulnerable polkit version
nomisec
WORKING POC
by m4lk3rnel · local
https://github.com/m4lk3rnel/CVE-2021-3560
This exploit leverages an authentication bypass in polkit (CVE-2021-3560) to create a privileged user and set a password via DBus calls. It demonstrates a local privilege escalation (LPE) by abusing the `CreateUser` and `SetPassword` methods without proper authentication.
Classification
Working Poc 100%
Target:
polkit (systemd component)
No auth needed
Prerequisites:
Local access to a vulnerable system · DBus service running
nomisec
WORKING POC
by markyu0401 · poc
https://github.com/markyu0401/CVE-2021-3560-Polkit-Privilege-Escalation
This repository contains a functional exploit for CVE-2021-3560, a Polkit privilege escalation vulnerability. The exploit leverages a race condition in Polkit's authentication mechanism to create a privileged user via D-Bus messages.
Classification
Working Poc 95%
Target:
Polkit (versions before 0.118)
No auth needed
Prerequisites:
Local access to a vulnerable system · D-Bus access
nomisec
WRITEUP
by titusG85 · poc
https://github.com/titusG85/SideWinder-Exploit
This repository provides a detailed educational writeup on CVE-2021-3560, a privilege escalation vulnerability in polkit due to a race condition. It includes learning objectives, scenario setup, and expected outcomes but lacks actual exploit code.
Classification
Writeup 90%
Target:
polkit (Ubuntu 20.04 and other Linux distributions)
No auth needed
Prerequisites:
Access to a vulnerable Linux system (e.g., Ubuntu 20.04) · Low-privileged user access
nomisec
WORKING POC
by admin-079 · poc
https://github.com/admin-079/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit creates a new user and manipulates D-Bus calls to escalate privileges by exploiting a race condition in Polkit's authentication mechanism.
Classification
Working Poc 95%
Target:
Polkit version 0.113 (or later)
No auth needed
Prerequisites:
Local access to the target system · D-Bus service running
nomisec
WORKING POC
by SeimuPVE · local
https://github.com/SeimuPVE/CVE-2021-3560_Polkit
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit checks for vulnerable Polkit versions and executes a privilege escalation attack by manipulating the D-Bus interface.
Classification
Working Poc 95%
Target:
Polkit (versions 0.105-26 to 0.118)
No auth needed
Prerequisites:
Local access to a vulnerable Linux system · Polkit version within vulnerable range
gitlab
WORKING POC
by f4T1H21 · local
https://gitlab.com/f4T1H21/CVE-2021-3560-Polkit-DBus
This repository contains a functional proof-of-concept exploit for CVE-2021-3560, a Polkit D-Bus privilege escalation vulnerability. The script leverages a race condition in Polkit's D-Bus interface to create a new user and escalate privileges to root.
Classification
Working Poc 95%
Target:
Polkit (policykit-1)
No auth needed
Prerequisites:
access to a vulnerable system with Polkit installed · ability to execute scripts as a low-privileged user
nomisec
WRITEUP
by realatharva15 · poc
https://github.com/realatharva15/polkit-CVE-2021-3560_writeup
This repository provides a detailed technical writeup explaining CVE-2021-3560, a local privilege escalation vulnerability in Polkit. It includes an analogy to simplify the concept and demonstrates the exploit steps using dbus-send commands to create a privileged user.
Classification
Writeup 95%
Target:
Polkit (policykit-1) version 0.105-26ubuntu1
No auth needed
Prerequisites:
Access to a vulnerable system with Polkit version 0.105-26ubuntu1 · Ability to execute commands as a local user
nomisec
WORKING POC
by pashayogi · local
https://github.com/pashayogi/ROOT-CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit leverages a race condition in the dbus-send mechanism to create a new user with administrative privileges and set a password, allowing an attacker to escalate to root.
Classification
Working Poc 95%
Target:
Polkit 0.105-26 (Ubuntu), Polkit 0.117-2 (Fedora)
Auth required
Prerequisites:
Local access to the target system · SSH session to avoid authentication prompts · Vulnerable version of Polkit installed
nomisec
WORKING POC
by TieuLong21Prosper · local
https://github.com/TieuLong21Prosper/CVE-2021-3560
This exploit leverages a race condition in polkit (CVE-2021-3560) to create a new user with root privileges. It uses timed D-Bus calls to bypass authentication checks, demonstrating a local privilege escalation (LPE) vulnerability.
Classification
Working Poc 95%
Target:
polkit (systemd component)
No auth needed
Prerequisites:
Local access to a vulnerable Linux system with polkit installed
nomisec
WORKING POC
by curtishoughton · local
https://github.com/curtishoughton/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit creates a new user and sets a password via D-Bus, leveraging a race condition in Polkit's authentication mechanism.
Classification
Working Poc 95%
Target:
Polkit version 0.113 (or later)
No auth needed
Prerequisites:
Local access to the target system · D-Bus access
nomisec
WORKING POC
by asepsaepdin · local
https://github.com/asepsaepdin/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a local privilege escalation vulnerability in Polkit. The exploit leverages a race condition in Polkit's D-Bus request handling to create a new user with root privileges.
Classification
Working Poc 95%
Target:
Polkit versions 0.0 to 0.118
No auth needed
Prerequisites:
Local access to the vulnerable system · Polkit version 0.0 to 0.118
nomisec
WORKING POC
by iSTAR-Lab · poc
https://github.com/iSTAR-Lab/CVE-2021-3560_PoC
This repository contains a functional exploit script for CVE-2021-3560, a local privilege escalation vulnerability in polkit. The script automates the creation of a new user with root privileges by exploiting a race condition in the polkit service.
Classification
Working Poc 100%
Target:
polkit (versions in RHEL 8, Fedora 21+, Debian testing, Ubuntu 20.04)
Auth required
Prerequisites:
SSH server access · local user access on the target system
exploitdb
WORKING POC
VERIFIED
by J Smith · bashlocallinux
https://www.exploit-db.com/exploits/50011
This exploit leverages a race condition in Polkit's dbus interface to create a new user with administrative privileges and set a password, allowing local privilege escalation to root. It uses timing-based exploitation to bypass authentication checks.
Classification
Working Poc 95%
Target:
polkit 0.105-26 (Ubuntu), polkit 0.117-2 (Fedora)
No auth needed
Prerequisites:
SSH session to localhost · vulnerable polkit version
vulncheck_xdb
WORKING POC
local
https://github.com/WinMin/CVE-2021-3560
This repository contains a functional exploit for CVE-2021-3560, a PolicyKit privilege escalation vulnerability. The exploit registers a malicious authentication agent via D-Bus to bypass authentication checks and gain root access.
Classification
Working Poc 95%
Target:
PolicyKit (polkit)
No auth needed
Prerequisites:
D-Bus access · PolicyKit version vulnerable to CVE-2021-3560
vulncheck_xdb
WORKING POC
local
https://github.com/f4T1H21/CVE-2021-3560-Polkit-DBus
This repository contains a functional proof-of-concept exploit for CVE-2021-3560, a Polkit D-Bus privilege escalation vulnerability. The script leverages a race condition in Polkit's D-Bus interface to create a new user and escalate privileges to root by manipulating user creation and password setting operations.
Classification
Working Poc 95%
Target:
Polkit (policykit-1)
No auth needed
Prerequisites:
access to a vulnerable system with Polkit installed · ability to execute scripts as a low-privileged user
metasploit
WORKING POC
EXCELLENT
by Kevin Backhouse, Spencer McIntyre, jheysel-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/polkit_dbus_auth_bypass.rb
This Metasploit module exploits a race condition in polkit (CVE-2021-3560) to bypass authentication and add a privileged user, enabling local privilege escalation (LPE). It leverages D-Bus method calls and process termination to trigger the vulnerability.
Classification
Working Poc 100%
Target:
polkit (pkexec) versions vulnerable to CVE-2021-3560
No auth needed
Prerequisites:
Local access to a vulnerable Linux system · dbus-send command availability · polkit service running