🖥️Pwnkit: CVE-2021-4034

Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

No answer needed

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

Reveal Flag 🚩

🚩Nay

In which Polkit utility does the Pwnkit vulnerability reside?

Reveal Flag 🚩

🚩pkexec

Task 3 - Practical Exploitation

Read through the `cve-2021-4034-poc.c` file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

No answer needed

Exploit the vulnerability! What is the flag located at `/root/flag.txt`?

Reveal Flag 🚩

🚩THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT}

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

No answer needed

Task 4 - Tutorial Remediations

Read the remediations task

No answer needed

Patch the vulnerability on any Linux devices that you manage!

No answer needed

Task 5 - Info Conclusion

I understand and can use Pwnkit!

No answer needed

PreviousPolkit: CVE-2021-3560 NextApache HTTP Server Path Traversal: CVE-2021-41773/42013

Last updated 3 years ago

hashtagTask 1 - Info Introduction and Deploy!

hashtagDeploy the machine by clicking on the green "Deploy" button at the top of this task!

hashtagTask 2 - Tutorial Background

hashtagIs Pwnkit exploitable remotely (Aye/Nay)?

hashtagIn which Polkit utility does the Pwnkit vulnerability reside?

hashtagTask 3 - Practical Exploitation

hashtagRead through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisoryarrow-up-right and the explanation given in the previous task!

hashtagExploit the vulnerability! What is the flag located at /root/flag.txt?

hashtag[Bonus Question — Optional] Using the Qualys advisoryarrow-up-right and the repositoryarrow-up-right linked in the task, try to write your own version of the Pwnkit exploit.

hashtagTask 4 - Tutorial Remediations

hashtagRead the remediations task

hashtagPatch the vulnerability on any Linux devices that you manage!

hashtagTask 5 - Info Conclusion

hashtagI understand and can use Pwnkit!

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

In which Polkit utility does the Pwnkit vulnerability reside?

Task 3 - Practical Exploitation

Read through the `cve-2021-4034-poc.c` file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

Exploit the vulnerability! What is the flag located at `/root/flag.txt`?

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

Task 4 - Tutorial Remediations

Read the remediations task

Patch the vulnerability on any Linux devices that you manage!

Task 5 - Info Conclusion

I understand and can use Pwnkit!