Gain access to any Linux system with this exploit 

Looking at the comments It should be pointed out that most Linux exploits in Linux require access with some type of credential. This exploit was documented and patched on 1/25/2022. Anything not patched will be VULNERABLE! Most Windows exploits can be done remotely through RDP / SMB vulnerabilities and do not require access. This video was simply to demonstrate a bad Linux exploit that effects a large amount of systems. It shouldn't need to be said, but I'll say it anyways "Linux is far more secure than Windows".

Considering that CentOS 7 still has support (unlike CentOS 8), this is actually interesting.

Yep, tried it on a Centos 7 system with 22 outstanding updates and it was affected. Updated and all fine now. Thanks for the heads up Chris! Good job.

You can now do something with those locked down no more software support Linux routers, excellent!

Chris: "Don't take advice from some guy in a RU-vid video.....wait, hold up!!" Great work as always, Chris.

Would you consider making a video breaking down Void Linux? I know it's a bit more advanced, but I can't seem to find any other channels/videos that do as good a job as yours at introducing such advanced distros to new users in such informative/educational ways. Keep up the good work!

Just tested this on my ubuntu servers and everything was fine. They were already up to date though, thanks for the heads up!

Yeah the polkit vulnerability was patched in Arch before it was even made public.

Linux *is* safer -just as long as you keep it to date. Being FOSS is a two-edged sword: any vulnerability will be visible to both good and bad actors. That is, it'll be easy to exploit for a very short time indeed, while closed-source weaknesses will be harder to exploit for a much, much longer time. Edit (PS): Use Linux, keep it up to date.

Love The Vid Chris!

The title and thumbnail cracked me up, I'm onto your shenanigans Chris!

I wouldn't say "gain access", as you have to be logged in, but sure gain higher level of access.

Thanks for the video! It was a really good reason to update our systems :P

There's that security audit tool which can run vulnerability checks on your system and provide useful information on how to fix said issues with links and documentation of vulnerability exploits.

This. I need these kind of contents. Thanks chris

I knew this was going to be clickbait as soon as I saw "Chris Titus Tech", but I clicked it anyways... Lesson learned

This seams to require gcc. I tried running a pre-compiled (compiled on my other PC) version on my server (Rocky Linux) and it didn't work. But when I compiled it on my server it worked (made me root). However my server doesn't have gcc installed (I installed it briefly for the test and removed it afterwards) so it's not really easy to exploit it seams. I don't know why you would have gcc on a server. That was yesterday. Today the patch was released and nothing works anymore.

Very interesting Thanks. Quick Question: Probably not ? but would this exploit work on an android phone ?

In what universe does local privilege escalation "Gain access to any Linux system" ? One where you magically have login access to all Linux systems? Newsflash; We don't live in that universe, Chris.

So how vulnerable are embedded linux systems such as smart tvs? Are update routines remotely run?

On a deeper level - question, I remember a special Linux permission, which allows any user to run a program as the owner of the program, which is root in most cases; things like sudo and doas which are normal programs at the end probably use exactly that I guess to be able to run as root to make others being able to run things as root, as long as the program (running as root without root privileges by the executing user) is not vulnerable, it should just be fine, but of course when sudo has buffer overflow whatever you could elevate permissions without intended permission. So am I right that a normal program, e.g. vs code, firefox, vim, nano,.., which does not have the special permission like I guess things like sudo has, which runs as the user who runs it, that it is always not exploitable to gain root access, of course as long as the kernel itself does not have a magic vulnerability? I mean imagine getting root access when running neofetch, I think this would be ridiculous and a once within 10k years kernel bug. :D Sry, am not native English speaker.

What if you upload old vulnerable pkexec in the same folder and modify script to call ./pkexec, will it still work? If we presume we can upload stuff to /home/hacker user?

Love your videos brother.

Oh no.. Chris recklessly forgot to put on his balaclava before going out and crazy hackermanning. Looks like his next video will have to be streamed from the Ecuadorian Embassy again.

this video urged me to ssh into my server and update it even tho i just did it an hour ago... dayyum :)

Like the approach instead of show the news. NICE :) thank you.

Open source software is certainly not free of bugs it's no different in that, but what I like about it is that they get fixed so quickly, because of the very large community around it. It's especially the open source software bugs that soon become world news. But that's a good thing. Think about the Log4J bug. Proprietary software bugs can continue to exist for many years, silently causing many problems, like vulnerabilities only known by criminals, getting fixed after a long time or without getting fixed at all.

Hi, a few days ago I did a deep scan on my pc because the windows button didn’t work. It said I had hack tool, I found out it could come with some bad viruses and tried to reset my pc but every time I try it fails. Do you know anything I could do to get rid of the virus?

So what version of pkexec is vulnerable? Cause I know that there was an update pushed for it I believe with Ubuntu based systems recently...I just wanna make sure my systems are safe?

Raspberry Pi os? Or things like Armbian for some of the other boards?

Hey Chris, This could be a nightmare in a corporate environment with all kinds of users. However, in my case, not an issue. I am the only one with access to my system and I use a wierd password to boot. Also, I keep my system updated. So this won't work anyway. Debian is very good about security updates. Great Video as always. Keep on Rocking it, amigo. 🙂

I remember doing a hack the Box challenge. I remember trying this exploit to elevate my user to root once I had my reverse shell.

Isn't this the second polkit vulnerability in a short while? First one was a timing attack or something and now this.

Here’s the thing: I’m on Fedora and I’m pretty sure I’m CentOS is red hat based also. Does this effect Fedora Or any other red hat based distros?

I love that Rocky Linux is a thing now after the whole CentOS thing.

ooo, 36 minutes ago this vid was posted when I saw it. This means that I have time to break in my locked pc!!!! 😱

some reason..it doesn't work on void linux...its only distro is different than any linux out there...i been using it so far...many folks to scared to use it but trust me, its well worth the trouble to get it running completely

Decided to do around of updates. Don't forget to update firmware on other devices like routers that may run Linux under the hood.

Thank you, Chris.

Could you do a video on how to customize zsh without oh-my-zsh? I keep looking and everything that I find is either very poorly explained or uses oh-my-zsh.

Asked in the TAILS subreddit but may as well ask here as well. Can this be used against TAILS with persistence? I understand some Linux but far from a daily driver of it. So while I think this is saying they’d already have to have access to the system I want to make sure I understand correctly

also i was backing artix beginning 2021...but when i heard about void linux many times, its completely different from both ...both don't support systemD ..but one need loginD while VOID linux is optional to have it running and work without with KDE desktop without issue that many said it required logind but my surprise over void, when i disable it logind from booting...it still run KDE without any trace of logind in the process scripts...for artix..its forcing everyone to use stronger passwords and forcing them to not disable environment file from etc folder, and it come with many many separted settings for S6, dinit, suite66, runit but runit doesn't need settings or neither openrc..but some reason its in package repository for every initd of user pick..it sound like artix wasn't been honest in beginning with its users that its not really completely systemd free when they can't quite figure out how get running other desktop environment that need it ...like kde and gnome, but with void..it work completely without any systemd or any need extra files for each configurations, the trick is VOID is only system is also linux foundation free as well, it does not support linux licenses like gnu or gpl and that is fine for me and perfect system that is BSD-2 CLAUSE SYSTEM that is distro is first of its kind to be part of BSD with linux kernel hybrid

Just one more reason whenever I am making a golden image for installs with VMWare I never put GCC or any dev tools in the package list for a production host.

I guess it wouldn’t be that difficult to port this to a remote exectution application with some reverse shell or something. Cool to see that its already patched in the new updates!

Wouldn't combining this with Log4jshell give the ability to elevate to root remotely?

If you were using Centos, you should consider using Rhel.

You could also use a 12lb sledge hammer to smash the system into tiny pieces if you were standing next to it i.e. were "local"

So decided to record sudo exploit that was rampant and got fixed :).

ShellShock was a pretty nasty remote code execution vuln.

Can you do a video on why you dont use Centos anymore?

Linux may not have as many viruses, but it doesn't mean it's virus-proof. Update your systems, use strong passwords, check any link or attachment, and never download from untrusted sources.

I am reverting back to Windows 98. Take that, forced windows 10 updates! Security by obscurity :D

Great video! Time for me to update some systems. Gulp! 😨

Must resist Titus' clickbait ! Must resist Titus' clickbait ! Wait .... damn. Ah,well, I was probably already on an NSA watchlist anyway ;)

Clickbait title aside, nice demo and reminder, Chris! Thanks!

To my horror, this exploit worked on my latest Debian 11 Bullseye machine, which was fully updated last week! Updating today patched it.

mom wake up they finally found the NSA backdoor

Well at least now a lot of problems will be fixed and have attention

Couldn't get this working on CentOS 8 but I am betting that's just a bug in the code

Can’t remember a remote code execution on linux …. Hmmmmmm log4j rings any bells?

12 years?! Wow, that's even older than the systemd ultimate backdoor.

Title is clickbait

I mean, if you as a hacker literally have yo be at the computer you wanna hack - why you not just bring a usb with some distro and get access to all of it out of the box? It saved tons of machines, but it can just as much be used the other way around 😅

Was selinux enforcing?

if only someone knew how to use the 'id' command to illustrate that they are actually root

Subscribed

Dude don't exec exploits in your daily box

Clicked because of the thumbnail

As long as the exploit doesn't work remotely and is patched soon, everything is fine, except the vulnerable exploit of the Windows fanboys who misused it to claim Windows would be the more secured system. 😀

Just sleep for the night and then tomorrow it's not gonna work anymore.

this channel has more clickbait than Linus now. here's my favorite program (use gcc) main() { setuid(0); seteuid(0); setgid(0); setegid(0); execl("/bin/bash","bash","-i",0); }

THE PROPHECY IS TRUE! ALL YOUR BASE ARE BELONG TO US, TO RETURN! all your systems are belong to us

Polkit was patched already

Kind of hard to exploit open source. A bajillion eyes are better than a dozen.

Never seen someone remote exploit Windows except when someone enabled Active directory and remote desktop and had a weak password. Most remote exploits happen on Linux. Windows is more secure than Linux when it comes to exploits.

👍🏿

Chris: I have no idea why you would even do a video like this.. you know better and that's whats bother me the most..

Title is kinda overhyped.

This is a good demonstration of the purpose of mandatory access control. Sure, there can be a bug in sudo or a bug in pkexec, but if a user or program should never have any reason to run either, then why were they allowed to? And, even if you do somehow get root by some unknown means, because that's how exploits work, then why should you be able to do whatever you want just because you're root? You should still only be allowed to do the things you are supposed to do. A simple way to play around with confined root accounts on Ubuntu, is to do sudo snap run --shell vlc, or some other snap.

I wasn't expecting this level of clickbait from this channel. Maybe I had misjudged this channel.

hi chris

I hope patch this soon

Click bait title was misleading so a thumbs down.

If linux were to take the place of windows in terms of popularity pretty sure it would be a total mess with hundred of exploits freaking out programmers' mind

lol

proud to be indian, lol

Correct pronunciation is 'CENT OH ESS' ;)

Cool, immutable Linux give you extra security too

and yet someone would have to crack into a user account in order to do anything locally. Good luck with that. Patch a LINUX system? Who does that? ... lol, everyone but losers.

WHen you can only exploit old systems then it isnt gaining access to any Linux system lol. Clickbait

Lmao normies don't use Linux. & Who uses Linux they know how to deal with these exploits. Why fear when your 'Btw' brain is with you.

Linux ,Linux, Linux. all this talk about which is better Linux or windows is like people bragging their cooking is better than every one elses cooking. that's at best a subjective statement and so is the claim that one is better than the other and that one is safer than the other!

Change the bloody title.............