Very grateful to the original PoC author, @UNICORDev (by @NicPWNs and @Dev-Yeoj).
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
-
Install git, then clone the script from the GitHub repository:
sudo apt install git python3 -y
git clone https://github.com/asepsaepdin/CVE-2021-3560.git
-
Run the PoC script using the command:
python3 exploit-CVE-2021-3560.py -u hacker -p password
Note: pass the intended username with the -u option and the intended password with the -p option.
-
Verify the created user using the commands:
su hacker
id
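Seen from the defender's side, the outcome described above (a new local administrator) shows up in the account databases, so this added example, which is not part of the original PoC, audits passwd and group data for administrators missing from an approved list. The admin group names and the allowlist are assumptions, and the sample data is constructed.

```python
# Assumption: these group names grant admin rights (Debian/Ubuntu "sudo", RHEL "wheel").
ADMIN_GROUPS = {"sudo", "wheel", "admin"}

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
hacker:x:1001:1001::/home/hacker:/bin/bash
backup:x:1002:27::/home/backup:/bin/sh
"""
SAMPLE_GROUP = """\
sudo:x:27:alice,hacker
alice:x:1000:
hacker:x:1001:
"""


def parse_colon_file(text):
    """Split passwd/group style text into field lists, skipping blanks and comments."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def find_admins(passwd_text, group_text):
    """Return {username: reason} for UID 0 accounts and admin-group members."""
    admin_gids, admins = set(), {}
    for fields in parse_colon_file(group_text):
        if len(fields) >= 4 and fields[0] in ADMIN_GROUPS:
            admin_gids.add(fields[2])
            for member in filter(None, fields[3].split(",")):
                admins[member] = f"member of {fields[0]}"
    for fields in parse_colon_file(passwd_text):
        if len(fields) < 7:
            continue
        user, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0":
            admins[user] = "uid 0"
        elif gid in admin_gids:
            admins.setdefault(user, "primary group is an admin group")
    return admins


def unexpected_admins(passwd_text, group_text, allowlist):
    """Admins that are not on the approved list, sorted for stable output."""
    return sorted(set(find_admins(passwd_text, group_text)) - set(allowlist))


if __name__ == "__main__":
    for user in unexpected_admins(SAMPLE_PASSWD, SAMPLE_GROUP, {"root", "alice"}):
        print("unexpected administrator:", user)
```

On a live host, pass the contents of /etc/passwd and /etc/group instead of the samples; the check also catches accounts whose primary group is an admin group, which a member-list scan alone would miss.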