🖥️Pwnkit: CVE-2021-4034

Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package

Room Attributes	Value
Subscription Required	False [Free]
Type	Walkthrough
Difficulty	Info
Tags	Polkit, Pwnkit, Linux, CVE-2021-4034

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

No answer needed

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

Reveal Flag 🚩

🚩Nay

In which Polkit utility does the Pwnkit vulnerability reside?

Reveal Flag 🚩

🚩pkexec

Task 3 - Practical Exploitation

Read through the `cve-2021-4034-poc.c` file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

No answer needed

Exploit the vulnerability! What is the flag located at `/root/flag.txt`?

Reveal Flag 🚩

🚩THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT}

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

No answer needed

Task 4 - Tutorial Remediations

Read the remediations task

No answer needed

Patch the vulnerability on any Linux devices that you manage!

No answer needed

Task 5 - Info Conclusion

I understand and can use Pwnkit!

No answer needed

PreviousPolkit: CVE-2021-3560 NextApache HTTP Server Path Traversal: CVE-2021-41773/42013

Last updated 2 years ago

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

In which Polkit utility does the Pwnkit vulnerability reside?

Task 3 - Practical Exploitation

Read through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

Exploit the vulnerability! What is the flag located at /root/flag.txt?

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

Task 4 - Tutorial Remediations

Read the remediations task

Patch the vulnerability on any Linux devices that you manage!

Task 5 - Info Conclusion

I understand and can use Pwnkit!

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

In which Polkit utility does the Pwnkit vulnerability reside?

Task 3 - Practical Exploitation

Read through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

Exploit the vulnerability! What is the flag located at /root/flag.txt?

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

Task 4 - Tutorial Remediations

Read the remediations task

Patch the vulnerability on any Linux devices that you manage!

Task 5 - Info Conclusion

I understand and can use Pwnkit!

Read through the `cve-2021-4034-poc.c` file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

Exploit the vulnerability! What is the flag located at `/root/flag.txt`?

Read through the `cve-2021-4034-poc.c` file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

Exploit the vulnerability! What is the flag located at `/root/flag.txt`?