CVE

Python exploit code for CVE-2021-4034 (pwnkit)

Python3 code to exploit
CVE-2021-4034
(PWNKIT).
This was an exercise in “can I make this work in Python?”, and not meant
as a robust exploit. It Works For Me, there are problaby bugs.

The default payload starts a shell as root, generated from msfvenom:

msfvenom -p linux/x64/exec -f elf-so PrependSetuid=true | base64

I’ve tested linux/x64/shell_reverse_tcp as well. Make sure you include
the PrependSetuid=true argument to msfvenom, otherwise you’ll just get
a shell as the user and not root.

The code is cribbed from blasty, the orginal is
available here

 

To finish reading, please visit source site