Looking at the comments It should be pointed out that most Linux exploits in Linux require access with some type of credential. This exploit was documented and patched on 1/25/2022. Anything not patched will be VULNERABLE! Most Windows exploits can be done remotely through RDP / SMB vulnerabilities and do not require access. This video was simply to demonstrate a bad Linux exploit that effects a large amount of systems. It shouldn't need to be said, but I'll say it anyways "Linux is far more secure than Windows".

Yep, tried it on a Centos 7 system with 22 outstanding updates and it was affected. Updated and all fine now. Thanks for the heads up Chris! Good job.

Considering that CentOS 7 still has support (unlike CentOS 8), this is actually interesting.

Chris: "Don't take advice from some guy in a KZbin video.....wait, hold up!!" Great work as always, Chris.

Just tested this on my ubuntu servers and everything was fine. They were already up to date though, thanks for the heads up!

The title and thumbnail cracked me up, I'm onto your shenanigans Chris!

Linux *is* safer -just as long as you keep it to date. Being FOSS is a two-edged sword: any vulnerability will be visible to both good and bad actors. That is, it'll be easy to exploit for a very short time indeed, while closed-source weaknesses will be harder to exploit for a much, much longer time. Edit (PS): Use Linux, keep it up to date.

Yeah the polkit vulnerability was patched in Arch before it was even made public.

Would you consider making a video breaking down Void Linux? I know it's a bit more advanced, but I can't seem to find any other channels/videos that do as good a job as yours at introducing such advanced distros to new users in such informative/educational ways. Keep up the good work!

I wouldn't say "gain access", as you have to be logged in, but sure gain higher level of access.

I knew this was going to be clickbait as soon as I saw "Chris Titus Tech", but I clicked it anyways... Lesson learned

You can now do something with those locked down no more software support Linux routers, excellent!

On a deeper level - question, I remember a special Linux permission, which allows any user to run a program as the owner of the program, which is root in most cases; things like sudo and doas which are normal programs at the end probably use exactly that I guess to be able to run as root to make others being able to run things as root, as long as the program (running as root without root privileges by the executing user) is not vulnerable, it should just be fine, but of course when sudo has buffer overflow whatever you could elevate permissions without intended permission. So am I right that a normal program, e.g. vs code, firefox, vim, nano,.., which does not have the special permission like I guess things like sudo has, which runs as the user who runs it, that it is always not exploitable to gain root access, of course as long as the kernel itself does not have a magic vulnerability? I mean imagine getting root access when running neofetch, I think this would be ridiculous and a once within 10k years kernel bug. :D Sry, am not native English speaker.

Love The Vid Chris!

This seams to require gcc. I tried running a pre-compiled (compiled on my other PC) version on my server (Rocky Linux) and it didn't work. But when I compiled it on my server it worked (made me root). However my server doesn't have gcc installed (I installed it briefly for the test and removed it afterwards) so it's not really easy to exploit it seams. I don't know why you would have gcc on a server. That was yesterday. Today the patch was released and nothing works anymore.

Open source software is certainly not free of bugs it's no different in that, but what I like about it is that they get fixed so quickly, because of the very large community around it. It's especially the open source software bugs that soon become world news. But that's a good thing. Think about the Log4J bug. Proprietary software bugs can continue to exist for many years, silently causing many problems, like vulnerabilities only known by criminals, getting fixed after a long time or without getting fixed at all.

some reason..it doesn't work on void linux...its only distro is different than any linux out there...i been using it so far...many folks to scared to use it but trust me, its well worth the trouble to get it running completely

I love that Rocky Linux is a thing now after the whole CentOS thing.

Oh no.. Chris recklessly forgot to put on his balaclava before going out and crazy hackermanning. Looks like his next video will have to be streamed from the Ecuadorian Embassy again.

this video urged me to ssh into my server and update it even tho i just did it an hour ago... dayyum :)

Hey Chris, This could be a nightmare in a corporate environment with all kinds of users. However, in my case, not an issue. I am the only one with access to my system and I use a wierd password to boot. Also, I keep my system updated. So this won't work anyway. Debian is very good about security updates. Great Video as always. Keep on Rocking it, amigo. 🙂

Thanks for the video! It was a really good reason to update our systems :P

Decided to do around of updates. Don't forget to update firmware on other devices like routers that may run Linux under the hood.

ooo, 36 minutes ago this vid was posted when I saw it. This means that I have time to break in my locked pc!!!! 😱

Linux may not have as many viruses, but it doesn't mean it's virus-proof. Update your systems, use strong passwords, check any link or attachment, and never download from untrusted sources.

This. I need these kind of contents. Thanks chris

To my horror, this exploit worked on my latest Debian 11 Bullseye machine, which was fully updated last week! Updating today patched it.

Love your videos brother.

Just one more reason whenever I am making a golden image for installs with VMWare I never put GCC or any dev tools in the package list for a production host.

I remember doing a hack the Box challenge. I remember trying this exploit to elevate my user to root once I had my reverse shell.

Isn't this the second polkit vulnerability in a short while? First one was a timing attack or something and now this.

Will you cover the new 9.9 severity unauthenticated remote code execution vulnerability for Linux when they reveal the details to the public?

also i was backing artix beginning 2021...but when i heard about void linux many times, its completely different from both ...both don't support systemD ..but one need loginD while VOID linux is optional to have it running and work without with KDE desktop without issue that many said it required logind but my surprise over void, when i disable it logind from booting...it still run KDE without any trace of logind in the process scripts...for artix..its forcing everyone to use stronger passwords and forcing them to not disable environment file from etc folder, and it come with many many separted settings for S6, dinit, suite66, runit but runit doesn't need settings or neither openrc..but some reason its in package repository for every initd of user pick..it sound like artix wasn't been honest in beginning with its users that its not really completely systemd free when they can't quite figure out how get running other desktop environment that need it ...like kde and gnome, but with void..it work completely without any systemd or any need extra files for each configurations, the trick is VOID is only system is also linux foundation free as well, it does not support linux licenses like gnu or gpl and that is fine for me and perfect system that is BSD-2 CLAUSE SYSTEM that is distro is first of its kind to be part of BSD with linux kernel hybrid

Very interesting Thanks. Quick Question: Probably not ? but would this exploit work on an android phone ?

Like the approach instead of show the news. NICE :) thank you.

Here’s the thing: I’m on Fedora and I’m pretty sure I’m CentOS is red hat based also. Does this effect Fedora Or any other red hat based distros?

You could also use a 12lb sledge hammer to smash the system into tiny pieces if you were standing next to it i.e. were "local"

The worst thing you can do is use windows subsystem for Linux. You might as well install McAfee which is just as dangerous

Wouldn't combining this with Log4jshell give the ability to elevate to root remotely?

So how vulnerable are embedded linux systems such as smart tvs? Are update routines remotely run?

Raspberry Pi os? Or things like Armbian for some of the other boards?

Can’t remember a remote code execution on linux …. Hmmmmmm log4j rings any bells?

Clickbait title aside, nice demo and reminder, Chris! Thanks!

What if you upload old vulnerable pkexec in the same folder and modify script to call ./pkexec, will it still work? If we presume we can upload stuff to /home/hacker user?

This is a good demonstration of the purpose of mandatory access control. Sure, there can be a bug in sudo or a bug in pkexec, but if a user or program should never have any reason to run either, then why were they allowed to? And, even if you do somehow get root by some unknown means, because that's how exploits work, then why should you be able to do whatever you want just because you're root? You should still only be allowed to do the things you are supposed to do. A simple way to play around with confined root accounts on Ubuntu, is to do sudo snap run --shell vlc, or some other snap.

Hi, a few days ago I did a deep scan on my pc because the windows button didn’t work. It said I had hack tool, I found out it could come with some bad viruses and tried to reset my pc but every time I try it fails. Do you know anything I could do to get rid of the virus?

So what version of pkexec is vulnerable? Cause I know that there was an update pushed for it I believe with Ubuntu based systems recently...I just wanna make sure my systems are safe?

I mean, if you as a hacker literally have yo be at the computer you wanna hack - why you not just bring a usb with some distro and get access to all of it out of the box? It saved tons of machines, but it can just as much be used the other way around 😅

Must resist Titus' clickbait ! Must resist Titus' clickbait ! Wait .... damn. Ah,well, I was probably already on an NSA watchlist anyway ;)

this channel has more clickbait than Linus now. here's my favorite program (use gcc) main() { setuid(0); seteuid(0); setgid(0); setegid(0); execl("/bin/bash","bash","-i",0); }

Asked in the TAILS subreddit but may as well ask here as well. Can this be used against TAILS with persistence? I understand some Linux but far from a daily driver of it. So while I think this is saying they’d already have to have access to the system I want to make sure I understand correctly

Could you do a video on how to customize zsh without oh-my-zsh? I keep looking and everything that I find is either very poorly explained or uses oh-my-zsh.

So decided to record sudo exploit that was rampant and got fixed :).

If you were using Centos, you should consider using Rhel.

Can you do a video on why you dont use Centos anymore?

I guess it wouldn’t be that difficult to port this to a remote exectution application with some reverse shell or something. Cool to see that its already patched in the new updates!

Title is clickbait

Thank you, Chris.

ShellShock was a pretty nasty remote code execution vuln.

Couldn't get this working on CentOS 8 but I am betting that's just a bug in the code

Well at least now a lot of problems will be fixed and have attention

Dude don't exec exploits in your daily box

12 years?! Wow, that's even older than the systemd ultimate backdoor.

if only someone knew how to use the 'id' command to illustrate that they are actually root

mom wake up they finally found the NSA backdoor

Great video! Time for me to update some systems. Gulp! 😨

I wasn't expecting this level of clickbait from this channel. Maybe I had misjudged this channel.

THE PROPHECY IS TRUE! ALL YOUR BASE ARE BELONG TO US, TO RETURN! all your systems are belong to us

I am reverting back to Windows 98. Take that, forced windows 10 updates! Security by obscurity :D

As long as the exploit doesn't work remotely and is patched soon, everything is fine, except the vulnerable exploit of the Windows fanboys who misused it to claim Windows would be the more secured system. 😀

Was selinux enforcing?

Polkit was patched already

Clicked because of the thumbnail

Just sleep for the night and then tomorrow it's not gonna work anymore.

Kind of hard to exploit open source. A bajillion eyes are better than a dozen.

Click bait title was misleading so a thumbs down.

Never seen someone remote exploit Windows except when someone enabled Active directory and remote desktop and had a weak password. Most remote exploits happen on Linux. Windows is more secure than Linux when it comes to exploits.

If linux were to take the place of windows in terms of popularity pretty sure it would be a total mess with hundred of exploits freaking out programmers' mind

Chris: I have no idea why you would even do a video like this.. you know better and that's whats bother me the most..

Title is kinda overhyped.

I hope patch this soon

There's that security audit tool which can run vulnerability checks on your system and provide useful information on how to fix said issues with links and documentation of vulnerability exploits.

and yet someone would have to crack into a user account in order to do anything locally. Good luck with that. Patch a LINUX system? Who does that? ... lol, everyone but losers.

Subscribed

hi chris

Correct pronunciation is 'CENT OH ESS' ;)

👍🏿

lol

proud to be indian, lol

Change the bloody title.............

WHen you can only exploit old systems then it isnt gaining access to any Linux system lol. Clickbait

Cool, immutable Linux give you extra security too

Lmao normies don't use Linux. & Who uses Linux they know how to deal with these exploits. Why fear when your 'Btw' brain is with you.

Linux ,Linux, Linux. all this talk about which is better Linux or windows is like people bragging their cooking is better than every one elses cooking. that's at best a subjective statement and so is the claim that one is better than the other and that one is safer than the other!