{"id":19900317,"url":"https://github.com/unai-d/lliurex-epoptes-exploit","last_synced_at":"2026-06-12T15:31:04.098Z","repository":{"id":155077106,"uuid":"344253945","full_name":"unai-d/lliurex-epoptes-exploit","owner":"unai-d","description":"Single Python file that exploits a LliureX's Epoptes vulnerability in order to gain access to any computer.","archived":false,"fork":false,"pushed_at":"2021-03-12T11:21:30.000Z","size":4,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-28T02:59:02.119Z","etag":null,"topics":["exploit","lliurex","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unai-d.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-03T20:23:34.000Z","updated_at":"2025-05-11T17:31:52.000Z","dependencies_parsed_at":"2023-09-08T11:49:02.761Z","dependency_job_id":null,"html_url":"https://github.com/unai-d/lliurex-epoptes-exploit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/unai-d/lliurex-epoptes-exploit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unai-d%2Flliurex-epoptes-exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unai-d%2Flliurex-epoptes-exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unai-d%2Flliurex-epoptes-exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unai-d%2Flliurex-epoptes-exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unai-d","download_url":"https://codeload.github.com/unai-d/lliurex-epoptes-exploit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unai-d%2Flliurex-epoptes-exploit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34251774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","lliurex","vulnerability"],"created_at":"2024-11-12T20:11:56.073Z","updated_at":"2026-06-12T15:31:04.075Z","avatar_url":"https://github.com/unai-d.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lliurex-epoptes-exploit\nThis repository contains a Python file that takes advantage of a vulnerability present on the Epoptes login window in order to gain access to the Epoptes main window without an admin account.\nThis only works on the Epoptes version used in the [LliureX](https://en.wikipedia.org/wiki/LliureX) operating system.\n\nThe exploit works because of how the authentication system is designed on the LliureX's Epoptes launcher.\nOnce the user name and password is ready, the Epoptes launcher will tell to the server to check if the data is correct.\nIf everything is correct, the same Python file that opened the Epoptes launcher will open the Epoptes main window.\nThis is done by instantiating a new `EpoptesGui` class, then setting the user name and password on two fields from the class, and finally executing Epoptes.\n\nThe problem is, whatever user name and/or password you type in, the `EpoptesGui` class will launch the Epoptes main window no matter what. The server will do anything the user orders from that point without checking if the authentication data is valid or not.\n\n## This exploit works on...\n- LliureX Server 19.07 (19.200727)\n- LliureX Client 16.07 (16.200216)\n- LliureX Server 16.07 (16.191025)\n- LliureX Client 16.07 (16.180723)\n- LliureX Client 16.06 (16.180420)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funai-d%2Flliurex-epoptes-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funai-d%2Flliurex-epoptes-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funai-d%2Flliurex-epoptes-exploit/lists"}