Dana Epp

Automatically privesc to root in pwncat using pwnkit

I released a custom pwnkit module for pwncat that automatically exploits CVE-2021-4034 to privesc to root. You can grab it at https://github.com/DanaEpp/pwncat_pwnkit.

It supports cross-compiling and automatic upload to remote targets using Caleb Stewart's awesome pwncat framework. In other words, it doesn't matter if the remote target has gcc or any of the bits. The module will take care of it for you. So catch a rev shell, type "run pwnkit" and appreciate the glory of a root shell.

If you want to see a demo of it in action, check this out.

Enjoy r00t.

#pwncat #privesc #pwnkit