peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz

Add CVE-2021-4024 (polkit privesc) #263

Closed deoxykev closed 2 years ago

deoxykev commented 2 years ago

Add this LPE vector to linpeas: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034


Vuln Enum

# check for pkexec
which pkexec || echo not vuln

# check suid permissions on pkexec
stat -c '%a' $(which pkexec) | grep -q 4755 || echo not vuln

# check patch date on pkexec
stat -c '%y' $(which pkexec)
# dates before 2022-01-12 may be unpatched & vulnerable
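
The three checks from the comment above combined into one audit function, as an added example that is not part of the original issue or of linPEAS. The function name `pkexec_audit`, its status labels and its return codes are assumptions; it tests the setuid bit directly instead of matching mode 4755 exactly, and it assumes GNU `stat` and `date`.

```shell
#!/bin/sh
# Added example (not linPEAS code): audit a pkexec binary for the indicators
# listed in the comment above. Names and labels here are hypothetical.

CUTOFF="2022-01-12"   # date from the comment: older binaries may be unpatched

# pkexec_audit [PATH]
# Prints one status line. Returns 0 when the binary needs review, 1 otherwise.
pkexec_audit() {
    local bin mtime cutoff
    bin="${1:-$(command -v pkexec 2>/dev/null)}"

    # Check 1: is pkexec installed at all?
    if [ -z "$bin" ] || [ ! -f "$bin" ]; then
        echo "OK: pkexec not present"
        return 1
    fi

    # Check 2: setuid bit. -u tests the bit itself, so 4755, 4711, 6755
    # and similar modes are all caught, not only an exact 4755.
    if [ ! -u "$bin" ]; then
        echo "OK: $bin is not setuid"
        return 1
    fi

    # Check 3: modification time compared with the cutoff date.
    mtime=$(stat -c '%Y' "$bin") || return 1
    cutoff=$(date -d "$CUTOFF" +%s)
    if [ "$mtime" -lt "$cutoff" ]; then
        echo "REVIEW: $bin is setuid, modified $(date -d "@$mtime" +%F), before $CUTOFF"
        return 0
    fi

    # A recent mtime alone does not prove the binary is patched.
    echo "CHECK-VERSION: $bin is setuid, modified $(date -d "@$mtime" +%F); confirm the polkit package version"
    return 1
}

# Audit the pkexec found on PATH, if any.
pkexec_audit || true
```
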

carlospolop commented 2 years ago

Hi guys, I have added that check in https://github.com/carlospolop/PEASS-ng/blob/77cc22a657c28781a0a57b6121ae15d0366f5bca/linPEAS/builder/linpeas_parts/1_system_information.sh#L25-L27. Let me know what you think.

Please also note that linpeas also embeds https://github.com/mzet-/linux-exploit-suggester, which has checked for that vuln since it was publicly known, so you could already check for the CVE before that code addition.

deoxykev commented 2 years ago

@carlospolop Thanks for adding it in :). I made a pull request with some changes: https://github.com/carlospolop/PEASS-ng/pull/264

carlospolop commented 2 years ago

Thanks mate :) The new version will be released soon.