PwnKit Vulnerability - Local Privilege Escalation

PwnKit Vulnerability - Local Privilege Escalation
Download Copy
Title: PwnKit Vulnerability - Local Privilege Escalation
Author: TW-D

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. 

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

🏆   Recognized with a Payload Award in September 2023

 

 

 

Execution is the method of either remotely or locally running code — malicious or otherwise — on a target computer. Execution is typically coupled with other techniques to carry out more complex tasks, like performing reconnaissance, exfiltration or credential harvesting. Execution may be ephemeral, or coupled with persistence techniques used to maintain remote access or continued code execution. See all execution payloads.

This payload is for the Bash Bunny. Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.

Submit your own payload, or browse more featured Bash Bunny Payloads.

 

 

Related Payloads

SignalFence
SignalFence
Track any wireless device — AP, client, or MAC-randomizing phone — and get alerted the moment it enters a configurable s
Read More
Doppelganger
Doppelganger
Spoof your targets hostname and MAC address to appear less suspicious to the target network.
Read More
Jelly Sentinel
Jelly Sentinel
Jelly Sentinel is a native network security assessment tool built for the WiFi Pineapple Pager. Drop it on a network,
Read More