
mebeim / CVE-2021-4034

License: Unlicense
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

Programming Languages: C, shell


CVE-2021-4034 Proof of Concept

Qualys researchers found a pretty cool local privilege escalation vulnerability in polkit's pkexec (writeup, tweet). The bug had been present and exploitable on all major Linux distros for a very long time (pkexec has carried it since its first release in 2009). Security patches have been published, so I decided to write a very simple PoC to show how trivial it is to exploit. The code in this repo should be self-explanatory after reading the linked writeup. Thanks to @Drago1729 for the idea and the help.
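The root cause in a few lines of C, as an added illustration (this is not code from this repo or from polkit, and the pkexec internals it mirrors are the ones described in the Qualys writeup linked above): after execve() the kernel lays argv and envp back to back, so when a program is started with argc == 0, argv[1] is envp[0]. Unpatched pkexec started scanning options at argv[1] and stored the PATH-resolved program name back into argv[n]; with argc == 0 that store lands in the environment, which is the write the full privilege escalation is built on. The model below keeps only those lines, swaps g_find_program_in_path() for a stand-in that resolves everything under a made-up /opt/fakepath (an assumption of this example), and shows the upstream fix, which is simply to refuse to run when argc < 1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not code from this repo or from polkit. After
 * execve(), argv and envp sit back to back: argv[argc] == NULL and
 * envp == &argv[argc + 1]. Unpatched pkexec assumed argc >= 1, so with
 * argc == 0 its argv[1] is really envp[0]. */

/* Stand-in for g_find_program_in_path(); assumption for this example:
 * every relative name resolves under the made-up /opt/fakepath. */
static char *fake_find_program_in_path(const char *name)
{
    const char *dir = "/opt/fakepath/";
    size_t len = strlen(dir) + strlen(name) + 1;
    char *s = malloc(len);
    if (s != NULL)
        snprintf(s, len, "%s%s", dir, name);
    return s;
}

/* Shape of unpatched pkexec main(): skip options from argv[1], take the
 * next word as the program, resolve it if relative, and store the
 * resolved string back into argv[n]. Returns the path it would exec, or
 * NULL where real pkexec prints usage. (Real pkexec g_strdup()s the
 * word first; the copy is skipped here and the lookup result leaked.)
 * With argc == 0 the option loop never runs and n stays 1. */
static char *pkexec_pick_program(int argc, char **argv)
{
    int n;
    char *path;

    for (n = 1; n < argc; n++) {
        if (strcmp(argv[n], "--disable-internal-agent") == 0)
            continue;            /* other options omitted */
        break;                   /* first non-option is the program */
    }

    /* Normally argv[argc] == NULL stops us here. With argc == 0,
     * argv[1] is envp[0], which is not NULL, so we carry on. */
    path = argv[n];
    if (path == NULL)
        return NULL;

    if (path[0] != '/') {
        char *s = fake_find_program_in_path(path);
        if (s == NULL)
            return NULL;
        argv[n] = path = s;      /* with argc == 0 this writes envp[0] */
    }
    return path;
}

/* Patched shape: polkit's fix opens main() with "if (argc < 1) exit(127);".
 * Returning NULL instead of exiting keeps it callable from a test. */
static char *pkexec_pick_program_fixed(int argc, char **argv)
{
    if (argc < 1)
        return NULL;
    return pkexec_pick_program(argc, argv);
}

/* Constructed stack image for argc == 0: argv is only its NULL
 * terminator and envp begins right after it. Returns 1 when the
 * unpatched logic has replaced envp[0] with the resolved path. */
static int unpatched_rewrites_env(void)
{
    char *words[] = { NULL, "evilprog", "HOME=/tmp", NULL };
    char **envp = words + 1;
    char *chosen = pkexec_pick_program(0, words);
    return chosen != NULL
        && strcmp(chosen, "/opt/fakepath/evilprog") == 0
        && envp[0] == chosen;    /* envp[0] now points at our string */
}

/* Same layout against the patched logic: refuses, environment untouched. */
static int fixed_refuses_argc0(void)
{
    char *words[] = { NULL, "evilprog", "HOME=/tmp", NULL };
    char **envp = words + 1;
    return pkexec_pick_program_fixed(0, words) == NULL
        && strcmp(envp[0], "evilprog") == 0;
}

/* An ordinary "pkexec id" still resolves after the fix. */
static int fixed_normal_case(void)
{
    char *words[] = { "pkexec", "id", NULL, "HOME=/tmp", NULL };
    char *chosen = pkexec_pick_program_fixed(2, words);
    return chosen != NULL && strcmp(chosen, "/opt/fakepath/id") == 0;
}

int main(void)
{
    printf("unpatched logic rewrites envp[0]: %d\n", unpatched_rewrites_env());
    printf("patched logic refuses argc == 0:  %d\n", fixed_refuses_argc0());
    printf("patched logic still runs 'id':    %d\n", fixed_normal_case());
    return 0;
}
```

The interesting line is `argv[n] = path = s;`: on a normal run it is harmless, because argv[n] is a real argument slot, but an attacker controls whether argc is 0 (execve() accepts an empty argv), so the same line becomes a write of an attacker-influenced string into the process environment of a setuid-root binary. The fix does not touch that line at all; it just makes the argc == 0 case unreachable.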

How to:

  1. Get a vulnerable version of pkexec, e.g. from policykit-1 <= 0.105-31 in the Debian repos, or build it from source. You can have it installed system-wide or just copy the pkexec executable alone into this directory (make sure it is executable, owned by root and setuid root, otherwise there is nothing to escalate to).
  2. Make sure GCC is installed, in order to compile the two C helpers in this repo.
  3. Run ./expl.sh and enjoy.

NOTE: expl.sh first looks for pkexec in the current working directory, then falls back to whatever is in $PATH. Since pkexec is normally a setuid-root executable, the $PATH fallback will pick up the real one on your system, so maybe run this in a VM and not on your own machine, y'know...

Demo:

[screenshot: result]

Cheers, @mebeim :)
