good find, well demonstrated !!
I am invincible! Boris™
Very well explained thanks man
In a clean Debian installation, why do I get:
The name org.freedesktop.Accounts was not provided by any .service files
Nice work 007 errrr Kevin 😛
It comes at the right time
Hi, just got my first polkit when trying to use balena etcher writing an OS to an SD - I am using Ubuntu Studio 18.04.6 LTS - any help would be great.
Does anyone know if this is patched? I'm using a VPS with Ubuntu 20.04, kernel 5.4, and wrote a script to run it over and over with varying wait times before killing
very nice!!!
Hi. What is that string "GoldenEye" there?
Nice work.
Thank you Mr GitHub, very noice
This also works with CentOS 8 with polkit version 0.115
So GitHub can post videos of fully functioning exploitable code, but anyone else can't put similar code on GitHub's platform? I think you need to follow your own rules
I think that's because you can ask a victim to download the code from github and run it. While having the code in a video is way safer
Is it patched as of Nov 2021?
Hey question. I can't get it to work.
If I don't have sudo or any GUI password auth, can I expect it to work? I also don't have any .service files so the GitHub exploit doesn't work either.
BAH! I'M INVINCIBLE!
The amount of times people downvote me on something like Reddit for calling sudo bloatware.. :)
Neat
great demonstration. How do I fix it?
Magic
wow
Oops
Hi, Thank you very much!
Is it possible to auth bypass in any Linux machine? Because I know a web server which is not allowing me to run any remote code, example: git clone, sudo apt install xyz.
Now when I try to change the password it throws me at a denied line, I can't even change user or create a user on that machine.
Let me try your POC on that machine. Will update here.
Update: Not working, tried 17 times. Machine version is vulnerable to the exploit. Whenever I try to run it, it says enter password.
In the supporting documentation it indicates that it requires gnome-control-center and accountservice, which implies if it's a GUI w/gnome it's very likely exploitable; anything w/o a GUI or non-gnome environment is very unlikely to be exploitable. Most web servers and servers in general online don't have GUIs natively installed. That being said, if you could potentially install these two dependencies w/o root privs you could maybe exploit it.
@ColinRubbert Thank you 🙏, I got it.
Quite ironic video to post coming from GitHub, who was recently purchased by Microsoft
seriously
WTF
Yikes