Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2021-3560 PoC — polkit 代码问题漏洞

Source
https://github.com/arcslash/exploit_CVE-2021-3560
Associated Vulnerability
Title:polkit 代码问题漏洞 (CVE-2021-3560)
Description:It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Description
Exploitation Script for CVE-2021-3560
Readme
# CVE-2021-3560 Exploit Script

This script exploits CVE-2021-3560, a vulnerability in polkit that allows privilege escalation to root.

## Usage

After cloning the repository, grant execution permissions and run the script:

```bash
chmod +x exploit.sh
./exploit.sh
```

## Expected Outcome

After running the script, a new user will be created with root privileges. You can log in using the credentials specified in the script:

```
ROOT_USER="john"
ROOT_PASS="john@123"
```

### Example Login

```bash
su john
Password: john@123
sudo su
whoami
root
```

## Disclaimer

This exploit is provided for educational purposes only. Use it responsibly and only on systems you have explicit permission to test. Unauthorized access to systems is illegal and punishable under law.

## References

- [CVE-2021-3560 Details](https://nvd.nist.gov/vuln/detail/CVE-2021-3560)
- [Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug](https://github.blog/security/vulnerability-research/privilege-escalation-polkit-root-on-linux-with-bug/)
File Snapshot

 [4.0K]  /data/pocs/7999ccd1140aa2657fb353582476c35de8c73f37
├── [3.0K]  exploit.sh
└── [1.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →