- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Exploiting Polkit pkexec LPE Vulnerability (CVE-2021-4034) - TryHackMe "PwnKit" Room
Video walkthrough for the new @RealTryHackMe "PwnKit" Room by MuirlandOracle. We'll investigate, exploit and mitigate the recently discovered memory corruption vulnerability (read/write out-of-bounds) in Polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability (CVE-2021-4034) allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. Hope you enjoy 🙂 #TryHackMe #PwnKit #Polkit #pkexec #CVE-2021-4034
↢TryHackMe↣
https://tryhackme.com/room/pwnkit
https://twitter.com/RealTryHackMe
https://discord.gg/tryhackme
↢PwnKit↣
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://ryiron.wordpress.com/2013/12/16/argv-silliness/
https://github.com/ly4k/PwnKit
https://github.com/clubby789/CVE-2021-4034/blob/master/poc.c
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start: 0:00
Introduction and Deploy (Info): 0:53
Background (Tutorial): 1:30
Exploitation (Practical): 6:13
Technical Details (Qualys blog): 8:30
Exploit PoC Code Review: 14:20
Remediations (Tutorial): 16:18
Conclusion (Info): 17:37
End: 18:03
Видео Exploiting Polkit pkexec LPE Vulnerability (CVE-2021-4034) - TryHackMe "PwnKit" Room канала CryptoCat
↢TryHackMe↣
https://tryhackme.com/room/pwnkit
https://twitter.com/RealTryHackMe
https://discord.gg/tryhackme
↢PwnKit↣
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://ryiron.wordpress.com/2013/12/16/argv-silliness/
https://github.com/ly4k/PwnKit
https://github.com/clubby789/CVE-2021-4034/blob/master/poc.c
👷♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start: 0:00
Introduction and Deploy (Info): 0:53
Background (Tutorial): 1:30
Exploitation (Practical): 6:13
Technical Details (Qualys blog): 8:30
Exploit PoC Code Review: 14:20
Remediations (Tutorial): 16:18
Conclusion (Info): 17:37
End: 18:03
Видео Exploiting Polkit pkexec LPE Vulnerability (CVE-2021-4034) - TryHackMe "PwnKit" Room канала CryptoCat
PwnKit pkexec polkit PolicyKit CVE-2021-4034 2021-4034 CVE exploit vulnerability Qualys TryHackMe memory corruption out of bounds ENV envp argv SUID LPE privilege escalation PrivEsc path injection pen-testing pentest OSCP penetration test redteam offsec infosec cybersecurity training ethical hacking zeroday zero day n day bug tutorial walkthrough guide hacking hack cyber CTF capture the flag security vulnerabiliy exploitation beginner n00b gcc Try Hack Me THM PWNKIT 4034 vuln
Комментарии отсутствуют
Информация о видео
28 января 2022 г. 18:16:09
00:18:53
Другие видео канала
![Decoding, Brute-Forcing and Crafting Flask Session Cookies - "web-intro" [DefCamp CTF 2022]](https://i.ytimg.com/vi/dA28abgc57o/default.jpg)
Decoding, Brute-Forcing and Crafting Flask Session Cookies - "web-intro" [DefCamp CTF 2022]
![Bat Computer [easy]: HackTheBox Pwn Challenge (shellcode injection)](https://i.ytimg.com/vi/NZfqLFuffYY/default.jpg)
Bat Computer [easy]: HackTheBox Pwn Challenge (shellcode injection)
Day 4 - HTB Cyber Santa CTF: HackTheBox Capture The Flag 2021
![Emdee Five for Life [easy]: HackTheBox Misc Challenge (BeautifulSoup / Burp Intruder)](https://i.ytimg.com/vi/n0Dg-19DB9Y/default.jpg)
Emdee Five for Life [easy]: HackTheBox Misc Challenge (BeautifulSoup / Burp Intruder)
![Buffer Overflow (ret2win) with 5 char* Arguments - "Vader" Pwn Challenge [Space Heroes CTF 2022]](https://i.ytimg.com/vi/DRgpQvraTUo/default.jpg)
Buffer Overflow (ret2win) with 5 char* Arguments - "Vader" Pwn Challenge [Space Heroes CTF 2022]
![fs0ciety [easy]: HackTheBox Misc Challenge (ZIP cracking)](https://i.ytimg.com/vi/-cc1k6AwsLE/default.jpg)
fs0ciety [easy]: HackTheBox Misc Challenge (ZIP cracking)
![BitsNBytes [hard]: HackTheBox Stego Challenge (Stego Helper Identification Tool)](https://i.ytimg.com/vi/sI7dQaEp-mE/default.jpg)
BitsNBytes [hard]: HackTheBox Stego Challenge (Stego Helper Identification Tool)
Forensics Challenges - HTB x Synack RedTeamFive Capture The Flag (CTF) 2021
![X-Forwarded-For Header Spoofing and XXE - "BioCorp" [INTIGRITI 1337UP CTF 2024]](https://i.ytimg.com/vi/hyi_JZvXOTU/default.jpg)
X-Forwarded-For Header Spoofing and XXE - "BioCorp" [INTIGRITI 1337UP CTF 2024]
![Marshal In The Middle [medium]: HackTheBox Forensics Challenge (decrypt TLS traffic in wireshark)](https://i.ytimg.com/vi/6WYN66mygaA/default.jpg)
Marshal In The Middle [medium]: HackTheBox Forensics Challenge (decrypt TLS traffic in wireshark)
![Blue Shadow [medium]: HackTheBox Forensics Challenge (tweetlord)](https://i.ytimg.com/vi/8CawjASJi0Q/default.jpg)
Blue Shadow [medium]: HackTheBox Forensics Challenge (tweetlord)
Pwn: clutter-overflow - picoMini CTF 2021 Challenge
![Leet Test [easy]: HackTheBox Pwn Challenge (format string write exploit with pwntools)](https://i.ytimg.com/vi/NOY_dc2fRbU/default.jpg)
Leet Test [easy]: HackTheBox Pwn Challenge (format string write exploit with pwntools)
![Pusheen Loves Graphs [easy]: HackTheBox Misc Challenge (IDA Pro)](https://i.ytimg.com/vi/z6kvBBxlSgc/default.jpg)
Pusheen Loves Graphs [easy]: HackTheBox Misc Challenge (IDA Pro)
![One Time Pad (OTP) with a Twist - "Schrödinger's Pad" [INTIGRITI 1337UP CTF 2024]](https://i.ytimg.com/vi/9NrmlOBcF1c/default.jpg)
One Time Pad (OTP) with a Twist - "Schrödinger's Pad" [INTIGRITI 1337UP CTF 2024]
![Forget Me Not [medium]: HackTheBox Forensics Challenge (volatiliy .dwarf files)](https://i.ytimg.com/vi/GJSALoiVHko/default.jpg)
Forget Me Not [medium]: HackTheBox Forensics Challenge (volatiliy .dwarf files)
![JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]](https://i.ytimg.com/vi/tV7C6HSrtm4/default.jpg)
JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]
![403 Bypass and Deserialization in BentoML Library (CVE-2024-2912) - "Summar-AI-ze" [Web Challenge]](https://i.ytimg.com/vi/5NCzDZcx_Dg/default.jpg)
403 Bypass and Deserialization in BentoML Library (CVE-2024-2912) - "Summar-AI-ze" [Web Challenge]
![Leaking Passwords via CSS Injection - "Fancy Login Form" [WHY CTF 2025]](https://i.ytimg.com/vi/jUjlj2z5jJk/default.jpg)
Leaking Passwords via CSS Injection - "Fancy Login Form" [WHY CTF 2025]
![Manager [easy]: HackTheBox Mobile Challenge (APK Reversing / Traffic Analysis)](https://i.ytimg.com/vi/h6Lirx6mvUA/default.jpg)
Manager [easy]: HackTheBox Mobile Challenge (APK Reversing / Traffic Analysis)
![Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]](https://i.ytimg.com/vi/jU7yB-elFV8/default.jpg)
Overwriting RBP with an Off-by-One Buffer Overflow - Cake - [Intigriti 1337UP LIVE CTF 2022]
