pwnkit-cve-2021-4034.md
description: Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package

🖥 Pwnkit: CVE-2021-4034

{% embed url="https://tryhackme.com/room/pwnkit" %} https://tryhackme.com/room/pwnkit {% endembed %}

| Room Attributes | Value |
| --- | --- |
| Subscription Required | False [Free] |
| Type | Walkthrough |
| Difficulty | Info |
| Tags | Polkit, Pwnkit, Linux, CVE-2021-4034 |

Task 1 - Info Introduction and Deploy!

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

{% hint style="success" %} No answer needed {% endhint %}

Task 2 - Tutorial Background

Is Pwnkit exploitable remotely (Aye/Nay)?

Reveal Flag 🚩

🚩Nay

In which Polkit utility does the Pwnkit vulnerability reside?

Reveal Flag 🚩

🚩pkexec

Task 3 - Practical Exploitation

Read through the cve-2021-4034-poc.c file and try to understand how it works. See if you can match this up with the Qualys security advisory and the explanation given in the previous task!

{% hint style="success" %} No answer needed {% endhint %}

Exploit the vulnerability! What is the flag located at /root/flag.txt?

Reveal Flag 🚩

🚩THM{CONGRATULATIONS-YOU-EXPLOITED-PWNKIT}

[Bonus Question — Optional] Using the Qualys advisory and the repository linked in the task, try to write your own version of the Pwnkit exploit.

{% hint style="success" %} No answer needed {% endhint %}

Task 4 - Tutorial Remediations

Read the remediations task

{% hint style="success" %} No answer needed {% endhint %}

Patch the vulnerability on any Linux devices that you manage!

{% hint style="success" %} No answer needed {% endhint %}

Task 5 - Info Conclusion

I understand and can use Pwnkit!

{% hint style="success" %} No answer needed {% endhint %}