6. Cybersecurity Red Team Hack The Box or Try Hack Me [SPECIALISATION].md


PwnFunction

Dangerous Code Hidden in Plain Sight for 12 years

CVE-2021-4034: code for this exploit

Local privilege escalation via pkexec

YouTube video

PwnFunction YouTube Video

Watch the ✨ YouTube Video

Run locally

make all && ./pwnkit && make clean

Run in docker

# Build the docker image
docker build -t pwnkit .

# Run the exploit
docker run -it pwnkit bash
make all && ./pwnkit && make clean

Detect using snyk-cli

snyk container test pwnkit:latest --file=Dockerfile

Resources


Malicious functions: 3 code samples

#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Executes whatever argv[1] names; argc is never checked. */
int main(int argc, char **argv){
 execvp(argv[1], &argv[1]);
}

----------------------------------------------------

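#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(){
 char cmd[100] = {0}, input[10] = {0};  /* zeroed so cmd stays NUL-terminated */
 char *prefix = "zsh -c";

 strcpy(cmd, prefix);
 scanf("%3s", input);
 /* strncpy writes no terminator when input is exactly 3 characters */
 strncpy(cmd + strlen(cmd), input, 3);

 puts(cmd);

 /* user-controlled text reaches the shell */
 system(cmd);

 return 0;
}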

----------------------------------------------------

#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(){
 char *args[] = {"date", NULL};
 /* "date" is resolved through PATH */
 execvp("date", args);
}
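
Hardened counterparts to the three snippets above, as an added example that is not from the video or the original notes. The function names, the allowlist entries and their paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Snippet 1 hardened: never read argv[1] unless argc says it exists.
 * With argc == 0 on Linux, argv[0] is the NULL terminator and argv[1]
 * is the first environment pointer, which sits right after the argv array. */
const char *checked_target(int argc, char **argv) {
    if (argc < 2 || argv == NULL || argv[1] == NULL)
        return NULL;
    if (argv[1][0] != '/')            /* absolute path only, no PATH lookup */
        return NULL;
    return argv[1];
}

/* Snippet 2 hardened: map user input onto a fixed allowlist instead of
 * pasting it into a shell command line. Entries are constructed samples. */
struct allowed { const char *name; const char *path; };
static const struct allowed ALLOWED[] = {
    { "date", "/bin/date" },
    { "id",   "/usr/bin/id" },
};

const char *lookup_allowed(const char *input) {
    if (input == NULL) return NULL;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(input, ALLOWED[i].name) == 0)
            return ALLOWED[i].path;
    return NULL;
}

/* Snippet 3 hardened: absolute path plus a fixed environment, so neither
 * PATH nor any other inherited variable influences what runs. */
int run_fixed(const char *path) {
    char *const args[] = { (char *)path, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    return execve(path, args, envp);  /* returns only on failure (-1) */
}

int main(int argc, char **argv) {
    const char *name = (argc >= 2) ? argv[1] : NULL;
    const char *path = lookup_allowed(name);
    if (path == NULL) {
        fputs("usage: prog date|id\n", stderr);
        return 2;
    }
    return run_fixed(path) == -1 ? 1 : 0;
}
```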

Dangling file descriptor code


Malicious deserializer code
