CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). This vulnerability allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required to exploit this vulnerability in that the target must open the malicious file with binwalk using extract mode (-e option). The issue lies within the PFS (obscure filesystem format found in some embedded devices) extractor plugin that was merged into binwalk in 2017. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #Vulnerability #CVE-2022-4510 #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Video-Specific Resources↣
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk
https://lekensteyn.nl/files/pfs/pfs.txt
https://github.com/ReFirmLabs/binwalk/pull/617
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Overview: 0:41
PFS (pfstool): 1:50
Vulnerability Breakdown: 2:46
Exploitation Details: 4:20
Proof of Concept (PoC): 6:56
CTF Use Cases: 11:29
End: 12:10
-
1:20:58
CryptoCat
2 years agoBinary Exploitation (Pwn) Challenge Walkthroughs - PicoCTF 2022 (BEGINNER-FRIENDLY Capture The Flag)
39 -
26:17
CryptoCat
1 year ago $0.01 earnedLeaking Secret Data with a Heap Overflow - "Leek" Pwn Challenge [Angstrom CTF 2023]
25 -
32:29
Tech With Tim
4 years agoBinary Search Tree Tutorial - Traversal, Creation and More
20 -
0:37
maxprisectech
1 year agoCOMMAND LINE LEARNING: pwd command.
5 -
2:50
ericntunctu
2 years agoLeetcode 257 Binary Tree Paths
2 -
8:58
AHMEDKAZEKA97
2 years ago14 - Basic File and Directory Management | LINUX COURSE
9 -
47:03
AllHackingCons
1 year agoThe DevSecOps Builders Guide to the CI CD PIPELINE
-
0:24
AlmarsGuides
2 months agoNorthern Crater Maze Ledge Puzzle - FF7 Walkthrough
-
1:14:02
infosectrain01
11 months agoDay - 2 Introduction to Kali Linux | Basic Linux Commands | File Management Commands
9 -
3:03
DIY Digital
7 months agoCreate Crouch Jump File In CS2 + Autoexec