Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/unai-d/lliurex-epoptes-exploit

Single Python file that exploits a LliureX's Epoptes vulnerability in order to gain access to any computer.
https://github.com/unai-d/lliurex-epoptes-exploit

exploit lliurex vulnerability

Last synced: 24 days ago
JSON representation

Single Python file that exploits a LliureX's Epoptes vulnerability in order to gain access to any computer.

Awesome Lists containing this project

README 

        
# lliurex-epoptes-exploit

This repository contains a Python file that takes advantage of a vulnerability present on the Epoptes login window in order to gain access to the Epoptes main window without an admin account.

This only works on the Epoptes version used in the [LliureX](https://en.wikipedia.org/wiki/LliureX) operating system.



The exploit works because of how the authentication system is designed on the LliureX's Epoptes launcher.

Once the user name and password is ready, the Epoptes launcher will tell to the server to check if the data is correct.

If everything is correct, the same Python file that opened the Epoptes launcher will open the Epoptes main window.

This is done by instantiating a new `EpoptesGui` class, then setting the user name and password on two fields from the class, and finally executing Epoptes.



The problem is, whatever user name and/or password you type in, the `EpoptesGui` class will launch the Epoptes main window no matter what. The server will do anything the user orders from that point without checking if the authentication data is valid or not.



## This exploit works on...

- LliureX Server 19.07 (19.200727)

- LliureX Client 16.07 (16.200216)

- LliureX Server 16.07 (16.191025)

- LliureX Client 16.07 (16.180723)

- LliureX Client 16.06 (16.180420)