
Pwnkit: CVE-2021-4034

Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package


Last updated 2 years ago

Room Attributes | Value
Subscription Required | False [Free]
Type | Walkthrough
Difficulty | Info
Tags | Polkit, Pwnkit, Linux, CVE-2021-4034

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

No answer needed

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

Nay

In which Polkit utility does the Pwnkit vulnerability reside?

pkexec

Task 3 - Practical Exploitation

Read through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

No answer needed

Exploit the vulnerability! What is the flag located at /root/flag.txt?

THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT}

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

No answer needed

Task 4 - Tutorial Remediations

Read the remediations task

No answer needed

Patch the vulnerability on any Linux devices that you manage!

No answer needed

Task 5 - Info Conclusion

I understand and can use Pwnkit!

No answer needed

Room: TryHackMe | Pwnkit: CVE-2021-4034 (https://tryhackme.com/room/pwnkit)