
Single Python file that exploits a vulnerability in LliureX's Epoptes in order to gain access to any computer.


unai-d/lliurex-epoptes-exploit


lliurex-epoptes-exploit

This repository contains a Python file that takes advantage of a vulnerability in the Epoptes login window to gain access to the Epoptes main window without an admin account. It only works on the Epoptes version used in the LliureX operating system.

The exploit works because of how the authentication system is designed in LliureX's Epoptes launcher. Once the user name and password are ready, the Epoptes launcher asks the server to check whether the data is correct. If everything is correct, the same Python file that opened the Epoptes launcher opens the Epoptes main window. It does this by instantiating a new EpoptesGui class, setting the user name and password on two fields of that class, and finally executing Epoptes.

The problem is that the EpoptesGui class launches the Epoptes main window whatever user name and/or password you type in. From that point on, the server does anything the user orders without checking whether the authentication data is valid.
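The design flaw described above, shown as a simplified model next to its hardened form. This is an added example, not code from this repository, Epoptes or LliureX: the class names, the account store and the `lock-screen` command are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed account store for this sketch: user -> (salt, password hash).
_SALT = os.urandom(16)
ACCOUNTS = {"teacher": (_SALT, _hash("correct-horse", _SALT))}
ADMINS = {"teacher"}


def check_credentials(user: str, password: str) -> bool:
    """Verify a user name and password against the account store."""
    record = ACCOUNTS.get(user)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt), expected)


class TrustingServer:
    """As described above: the command handler never checks credentials."""

    def handle(self, user: str, password: str, command: str) -> str:
        return f"ran {command!r} for {user}"


class EnforcingServer:
    """Hardened: every command is authenticated and authorized server-side."""

    def handle(self, user: str, password: str, command: str) -> str:
        if not check_credentials(user, password):
            raise PermissionError("authentication failed")
        if user not in ADMINS:
            raise PermissionError("not an admin account")
        return f"ran {command!r} for {user}"


def is_rejected(server, user: str, password: str) -> bool:
    """Return True if the server refuses a command sent with these credentials."""
    try:
        server.handle(user, password, "lock-screen")
    except PermissionError:
        return True
    return False
```

The login check in the launcher can stay as a convenience for the user, but the decision that matters is the one the server makes on each request.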

This exploit works on...

  • LliureX Server 19.07 (19.200727)
  • LliureX Client 16.07 (16.200216)
  • LliureX Server 16.07 (16.191025)
  • LliureX Client 16.07 (16.180723)
  • LliureX Client 16.06 (16.180420)
