This repository contains a Python file that takes advantage of a vulnerability present on the Epoptes login window in order to gain access to the Epoptes main window without an admin account. This only works on the Epoptes version used in the LliureX operating system.
The exploit works because of how the authentication system is designed on the LliureX's Epoptes launcher.
Once the user name and password is ready, the Epoptes launcher will tell to the server to check if the data is correct.
If everything is correct, the same Python file that opened the Epoptes launcher will open the Epoptes main window.
This is done by instantiating a new EpoptesGui
class, then setting the user name and password on two fields from the class, and finally executing Epoptes.
The problem is, whatever user name and/or password you type in, the EpoptesGui
class will launch the Epoptes main window no matter what. The server will do anything the user orders from that point without checking if the authentication data is valid or not.
- LliureX Server 19.07 (19.200727)
- LliureX Client 16.07 (16.200216)
- LliureX Server 16.07 (16.191025)
- LliureX Client 16.07 (16.180723)
- LliureX Client 16.06 (16.180420)