Elevate your privileges with Polkit.
First, I want to thank MuirlandOracle wich created the room Polkit: CVE-2021–3560 on TryHackMe. I wrote this article after doing the room, to help me more understand this vulnerability and to share you the details about it.
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project.
According to the Polkit…
A Services based room, extracting information from HTTP Services and finding the hidden messages. This room was created by trb143.
Based on the Twins film, find the hidden keys.
Julius and Vincent have gone into the SERVICES market to try and get the family back together.
They have just deployed a new version of their code, but Vincent has messed up the deployment!
Can you help their mother find and recover the hidden keys and bring the family and girlfriends back together?
The first thing I did was to scan the IP with NMAP to learn more about the host…