Home Pwnkit CVE-2021-4034
Post
Cancel

Pwnkit CVE-2021-4034

Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package

THM Room https://tryhackme.com/room/pwnkit

TASK 1 : Info Introduction and Deploy

Deploy the machine by clicking on the green “Deploy” button at the top of this task!

No Answer

TASK 2 : Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

Answer : NAY

In which Polkit utility does the Pwnkit vulnerability reside?

Answer : pkexec

TASK 3 : Practical Exploitation

Read through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

No Answer.

Exploit the vulnerability!What is the flag located at /root/flag.txt?

Answer : THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT}

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

No Answer.

TASK 4 : Tutorial Remediations

Read the remediations task

No Answer.

Patch the vulnerability on any Linux devices that you manage!

No Answer.

TASK 5 : Info Conclusion

I understand and can use Pwnkit!

No Answer

This post is licensed under CC BY 4.0 by the author.