arthepsy / CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
1.04k stars, 307 forks

pkexec doesn't work #5

Status: Open. JonathanAppriou opened this issue 2 years ago

JonathanAppriou commented 2 years ago

Hello, pkexec doesn't launch PwnKit. Has anyone encountered this problem?

[screenshot]

It seems that pkexec does not take into account the environment (the env variable in the program):

[screenshot]

toxyl commented 2 years ago

Run it as a non-root user. The whole point of the exploit is to gain root privileges via a non-root user.

JonathanAppriou commented 2 years ago

I also tried with a non-root user, but it does exactly the same. Maybe the problem comes from the code or from my machine?

toxyl commented 2 years ago

Another option is that the target is not vulnerable. IIRC I saw that response on some patched systems too, but I might be wrong. I would suggest you test this on a system you know to be vulnerable, then patch it and try again.

JonathanAppriou commented 2 years ago

Ok, thanks for your quick response.

What makes the target vulnerable? Sure, the target needs to have Polkit installed and be a Linux distribution, but what else?

toxyl commented 2 years ago

It's all about the version.

According to https://github.com/cyberark/PwnKit-Hunter/blob/main/CVE-2021-4034_Finder.py, versions below these are vulnerable:

- Ubuntu 18.04: 0.105-20ubuntu0.18.04.6
- Ubuntu 20.04: 0.105-26ubuntu1.2
- Ubuntu 21.10: 0.105-31ubuntu0.1
- Debian stretch: 0.105-18+deb9u2
- Debian buster: 0.105-25+deb10u1
- Debian bullseye: 0.105-31+deb11u1
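Deciding whether an installed polkit package is "below" one of the versions listed above is not a string comparison: Debian package versions have an epoch, an upstream part and a revision, and `0.105-26ubuntu1.10` sorts after `0.105-26ubuntu1.2`. The following is an added example (my own code, not from this repository or from PwnKit-Hunter) that implements the dpkg version-ordering algorithm in Python, encodes the fixed versions quoted in the comment above, and reads the distribution from `/etc/os-release` text and the package version from `dpkg -s policykit-1` output. The sample `/etc/os-release` and `dpkg -s` contents are constructed for the example; the mapping of Debian codenames to `VERSION_ID` values (stretch=9, buster=10, bullseye=11) is how os-release reports them on those releases. The check is purely version-based, as in the comment; it says nothing about whether `pkexec` is actually installed setuid root on the host.

```python
"""Version-based CVE-2021-4034 check: is the installed policykit-1 older than the fix?"""

# First fixed policykit-1 version per release, copied from the comment above.
# Keys are (os-release ID, os-release VERSION_ID).
FIXED_VERSIONS = {
    ("ubuntu", "18.04"): "0.105-20ubuntu0.18.04.6",
    ("ubuntu", "20.04"): "0.105-26ubuntu1.2",
    ("ubuntu", "21.10"): "0.105-31ubuntu0.1",
    ("debian", "9"): "0.105-18+deb9u2",    # stretch
    ("debian", "10"): "0.105-25+deb10u1",  # buster
    ("debian", "11"): "0.105-31+deb11u1",  # bullseye
}


def _isdigit(c: str) -> bool:
    return c in "0123456789"


def _order(c: str) -> int:
    """Character weight from dpkg's version comparison: '~' sorts before
    everything (even end of string), letters before punctuation."""
    if c == "":
        return 0
    if _isdigit(c):
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one upstream-or-revision part the way dpkg does: alternate
    non-digit runs (by _order) and digit runs (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":      # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):      # a has more digits: larger number
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str):
    """Split 'epoch:upstream-revision' (epoch and revision optional)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = (v.rsplit("-", 1) if "-" in v else (v, ""))
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return -1 if r < 0 else (1 if r > 0 else 0)


def parse_os_release(text: str) -> dict:
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            k, v = line.split("=", 1)
            fields[k] = v.strip().strip('"')
    return fields


def parse_dpkg_version(text: str):
    """Pull the Version: field out of `dpkg -s policykit-1` output."""
    for line in text.splitlines():
        if line.startswith("Version:"):
            return line.split(":", 1)[1].strip()
    return None


def assess(os_release_text: str, dpkg_status_text: str) -> str:
    """'vulnerable', 'patched', or 'unknown' (release not in the table / no package)."""
    osr = parse_os_release(os_release_text)
    installed = parse_dpkg_version(dpkg_status_text)
    fixed = FIXED_VERSIONS.get((osr.get("ID"), osr.get("VERSION_ID")))
    if installed is None or fixed is None:
        return "unknown"
    return "vulnerable" if compare_versions(installed, fixed) < 0 else "patched"


# Constructed sample inputs (not captured from a real host).
SAMPLE_OS_RELEASE = 'NAME="Ubuntu"\nVERSION="20.04.3 LTS (Focal Fossa)"\nID=ubuntu\nVERSION_ID="20.04"\n'
SAMPLE_DPKG_STATUS = "Package: policykit-1\nStatus: install ok installed\nVersion: 0.105-26ubuntu1.1\n"

if __name__ == "__main__":
    print(assess(SAMPLE_OS_RELEASE, SAMPLE_DPKG_STATUS))
```

On a real host, feed it the contents of `/etc/os-release` and the output of `dpkg -s policykit-1`; a result of `unknown` means the release is not in the table, not that the host is safe. A `patched` result also does not mean the PoC's behaviour was expected to change in any other way than the "pkexec doesn't work" symptom reported in this issue.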