pkexec doesn't work

[JonathanAppriou]

Hello, pkexec doesn't launch the pwnkit, has anyone encountered this problem ?

It seems that pkexec does not take into account the environment (the env variable in the program ):

[toxyl]

Run it as a non-root user. The whole point of the exploit is to gain root privileges via a non-root user.

[JonathanAppriou]

I also tried with a non-root user but it does exactly the same. Maybe the problem comes from the code or from my machine ?

[toxyl]

Another option is that the target is not vulnerable. IIRC I saw that response on some patched systems too, but I might be wrong. I would suggest you test this on a system you know to be vulnerable, then patch it and try again.

[JonathanAppriou]

Ok, thanks for your quick response.

What make the target vulnerable ?
Sure, the target needs to have Polkit installed and be a Linux distribution, but what else?

[toxyl]

It's all about the version.

According to https://github.com/cyberark/PwnKit-Hunter/blob/main/CVE-2021-4034_Finder.py versions below these are vulnerable:
Ubuntu 20.04: 0.105-26ubuntu1.2
Ubuntu 21.10: 0.105-31ubuntu0.1
Ubuntu 18.04: 0.105-20ubuntu0.18.04.6
Debian stretch: 0.105-18+deb9u2
Debian buster: 0.105-25+deb10u1
Debian bullseye: 0.105-31+deb11u1