VehiclesFashionRecipesBlogsHuntTravelsSportFunHandmadeITEducation
Mini-Games
x

x
zakruti.com » IT - Software » IT, programs, coding
Gain access to any Linux system with this exploit - Chris Titus Tech

Gain access to any Linux system with this exploit - Chris Titus Tech

FBTwitterReddit

video description

Rating: 4.0; Vote: 1
Gain access to any Linux system with this exploit - Chris Titus Tech This 12-YEAR OLD EXPLOIT is bad... but you need to know about it and how to test for it! Here is how I use it to hack Linux systems. CVE-2021-4034 - Exploit with HIGH severity C Compile Script: haxx.in/files/blasty-vs-pkexec.c Exploit: Pwnkit Article: https://www.tomshardware.com/news/12-year-old-linux-vulnerability-found
Date: 2022-03-21

Comments and reviews: 10


also i was backing artix beginning 2021...but when i heard about void linux many times, its completely different from both ...both don't support systemD ..but one need loginD while VOID linux is optional to have it running and work without with KDE desktop without issue that many said it required logind but my surprise over void, when i disable it logind from booting...it still run KDE without any trace of logind in the process scripts...for artix..its forcing everyone to use stronger passwords and forcing them to not disable environment file from etc folder, and it come with many many separted settings for S6, dinit, suite66, runit but runit doesn't need settings or neither openrc..but some reason its in package repository for every initd of user pick..it sound like artix wasn't been honest in beginning with its users that its not really completely systemd free when they can't quite figure out how get running other desktop environment that need it ...like kde and gnome, but with void..it work completely without any systemd or any need extra files for each configurations, the trick is VOID is only system is also linux foundation free as well, it does not support linux licenses like gnu or gpl and that is fine for me and perfect system that is BSD-2 CLAUSE SYSTEM that is distro is first of its kind to be part of BSD with linux kernel hybrid
reply

On a deeper level - question, I remember a special Linux permission, which allows any user to run a program as the owner of the program, which is root in most cases; things like sudo and doas which are normal programs at the end probably use exactly that I guess to be able to run as root to make others being able to run things as root, as long as the program (running as root without root privileges by the executing user) is not vulnerable, it should just be fine, but of course when sudo has buffer overflow whatever you could elevate permissions without intended permission. So am I right that a normal program, e.g. vs code, firefox, vim, nano,.., which does not have the special permission like I guess things like sudo has, which runs as the user who runs it, that it is always not exploitable to gain root access, of course as long as the kernel itself does not have a magic vulnerability?
I mean imagine getting root access when running neofetch, I think this would be ridiculous and a once within 10k years kernel bug. :D
Sry, am not native English speaker.

reply

This is a good demonstration of the purpose of mandatory access control. Sure, there can be a bug in sudo or a bug in pkexec, but if a user or program should never have any reason to run either, then why were they allowed to? And, even if you do somehow get root by some unknown means, because that's how exploits work, then why should you be able to do whatever you want just because you're root? You should still only be allowed to do the things you are supposed to do. A simple way to play around with confined root accounts on Ubuntu, is to do sudo snap run --shell vlc, or some other snap.
reply

Looking at the comments It should be pointed out that most Linux exploits in Linux require access with some type of credential. This exploit was documented and patched on 1/25/2022. Anything not patched will be VULNERABLE!
Most Windows exploits can be done remotely through RDP / SMB vulnerabilities and do not require access.
This video was simply to demonstrate a bad Linux exploit that effects a large amount of systems. It shouldn't need to be said, but I'll say it anyways -Linux is far more secure than Windows-.

reply

Open source software is certainly not free of bugs it's no different in that, but what I like about it is that they get fixed so quickly, because of the very large community around it.
It's especially the open source software bugs that soon become world news. But that's a good thing. Think about the Log4J bug.
Proprietary software bugs can continue to exist for many years, silently causing many problems, like vulnerabilities only known by criminals, getting fixed after a long time or without getting fixed at all.

reply

This seams to require gcc. I tried running a pre-compiled (compiled on my other PC) version on my server (Rocky Linux) and it didn't work. But when I compiled it on my server it worked (made me root). However my server doesn't have gcc installed (I installed it briefly for the test and removed it afterwards) so it's not really easy to exploit it seams. I don't know why you would have gcc on a server.
That was yesterday. Today the patch was released and nothing works anymore.

reply

Please help me!
I did Critus Titus Tech debloat script and no probs with it. Only thing I want removed is the -Managed By Your Organization- thing on Microsoft Edge. I can't see suggested searches nor toggle them on. Some settings are turned off and I can't enable. Please tell me how to fix this for Microsoft Edge.

reply

Hi, a few days ago I did a deep scan on my pc because the windows button didn-t work. It said I had hack tool, I found out it could come with some bad viruses and tried to reset my pc but every time I try it fails. Do you know anything I could do to get rid of the virus?
reply

some reason..it doesn't work on void linux...its only distro is different than any linux out there...i been using it so far...many folks to scared to use it but trust me, its well worth the trouble to get it running completely
reply

In what universe does local privilege escalation -Gain access to any Linux system- ? One where you magically have login access to all Linux systems?
Newsflash; We don't live in that universe, Chris.

reply
Add a review, comment






Other channel videos