L-POLKIT-PWNKITPrivilege Escalation

polkit pwnkit (CVE-2021-4034)

polkit pkexec local privesc to root on practically every Linux distro until early 2022.

§ Where this technique fits

L-POLKIT-PWNKIT is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

polkit pwnkit (CVE-2021-4034) → instant root
Pre-2022 pkexec has a heap-overflow exploitable with no special permissions. Compile / drop the exploit, run as low-priv user, gain root.
step 4 / 5

§ What commonly comes next

01
SSH authorized_keys Backdoor
L-SSH-AUTHKEYS · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

polkit pwnkit (CVE-2021-4034) → instant root

§ What commonly comes next