CVE-2022-4510: Directory Traversal RCE in binwalk
A path traversal vulnerability (CVE-2022-4510) was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 (inclusive). It allows remote attackers to execute arbitrary code on affected installations of binwalk. User interaction is required: the target must open the malicious file with binwalk in extract mode (-e option). The issue lies within the PFS extractor plugin, which was merged into binwalk in 2017 (PFS is an obscure filesystem format found in some embedded devices).
Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
#Vulnerability #CVE-2022-4510 #Pentesting #OffSec
↢Social Media↣
Twitter: https://twitter.com/_CryptoCat
GitHub: https://github.com/Crypto-Cat
HackTheBox: https://app.hackthebox.eu/profile/11897
LinkedIn: https://www.linkedin.com/in/cryptocat
Reddit: https://www.reddit.com/user/_CryptoCat23
YouTube: https://www.youtube.com/CryptoCat23
Twitch: https://www.twitch.tv/cryptocat23
↢Video-Specific Resources↣
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk
https://lekensteyn.nl/files/pfs/pfs.txt
https://github.com/ReFirmLabs/binwalk/pull/617
↢Resources↣
Ghidra: https://ghidra-sre.org/CheatSheet.html
Volatility: https://github.com/volatilityfoundation/volatility/wiki/Linux
PwnTools: https://github.com/Gallopsled/pwntools-tutorial
CyberChef: https://gchq.github.io/CyberChef
DCode: https://www.dcode.fr/en
HackTricks: https://book.hacktricks.xyz/pentesting-methodology
CTF Tools: https://github.com/apsdehal/awesome-ctf
Forensics: https://cugu.github.io/awesome-forensics
Decompile Code: https://www.decompiler.com
Run Code: https://tio.run
↢Chapters↣
Start: 0:00
Overview: 0:41
PFS (pfstool): 1:50
Vulnerability Breakdown: 2:46
Exploitation Details: 4:20
Proof of Concept (PoC): 6:56
CTF Use Cases: 11:29
End: 12:10
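As an added example (not code from the video, the advisory, or binwalk itself), the sketch below shows the defensive side of the path traversal class described in the overview: an extractor should resolve each entry's output path and confirm it stays inside the extraction directory before writing. The function names and sample entry names are hypothetical and constructed for illustration; the weak variant is a generic prefix check on an unnormalised path, shown for contrast.

```python
import os
import tempfile

def naive_target(out_dir, entry_name):
    """Weak pattern: prefix check on a joined path that was never normalised."""
    target = os.path.join(out_dir, entry_name)
    if not target.startswith(out_dir):
        raise ValueError("entry escapes extraction directory")
    return target

def safe_target(out_dir, entry_name):
    """Resolve the path first, then require it to stay under out_dir."""
    root = os.path.realpath(out_dir)
    target = os.path.realpath(os.path.join(root, entry_name))
    # commonpath compares whole path components, so "/x/out-evil" is not
    # mistaken for a child of "/x/out" the way a string prefix test would.
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"entry {entry_name!r} escapes {root!r}")
    return target

def check_entries(out_dir, names):
    """Return {name: (naive_accepts, safe_accepts)} for each entry name."""
    results = {}
    for name in names:
        verdicts = []
        for check in (naive_target, safe_target):
            try:
                check(out_dir, name)
                verdicts.append(True)
            except ValueError:
                verdicts.append(False)
        results[name] = tuple(verdicts)
    return results

# Constructed entry names, as an extractor might read them from an archive.
SAMPLE_NAMES = [
    "etc/config.bin",        # ordinary relative entry
    "../outside.txt",        # climbs out of the extraction directory
    "a/../../outside.txt",   # climbs out after descending one level
    "/abs/outside.txt",      # absolute path replaces out_dir in os.path.join
]

def run_demo():
    """Evaluate the sample names against a throwaway extraction directory."""
    with tempfile.TemporaryDirectory() as out_dir:
        return check_entries(out_dir, SAMPLE_NAMES)

if __name__ == "__main__":
    for name, (naive_ok, safe_ok) in run_demo().items():
        print(f"{name:22} naive_accepts={naive_ok} safe_accepts={safe_ok}")
```

The two relative names containing `..` pass the prefix check because the joined string still begins with the extraction directory; only the resolved path reveals where the write would land.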