CVE-2025-32463 PoC — Sudo 安全漏洞

Source

Associated Vulnerability

Description

Privilege escalation exploit for CVE-2025-32463 using a malicious NSS module injected via sudo -R. This version creates a stealth payload called illdeed, granting root access through a controlled chroot environment.

Readme

# CVE-2025-32463 — sudo -R Privilege Escalation Exploit (illdeed Variant)

This is a refactored proof-of-concept (PoC) exploit for [CVE-2025-32463](https://nvd.nist.gov/vuln/detail/CVE-2025-32463), a critical vulnerability in `sudo` versions 1.9.14 through 1.9.17 that allows **local privilege escalation to root** via `sudo -R` and a fake NSS module.

> ⚠️ This version creates a payload named `illdeed` for tracking and forensic testing.

## 💥 How It Works

- Creates a fake chroot directory with a custom `nsswitch.conf`
- Compiles a malicious `libnss_illdeed.so.2` shared object
- Executes arbitrary root commands using `sudo -R <fake_root>`
- Cleans up after execution unless `--no-clean` is passed

## ✅ Requirements

- Linux system with `sudo` 1.9.14 → 1.9.17
- `gcc` installed
- User with local shell access and ability to run `sudo -R` (no password required)

## 🚀 Usage

```bash
# Get an interactive root shell
./sudo-illdeed.sh

# Run a custom root command
./sudo-illdeed.sh "id && whoami && touch /root/illdeed.txt"

# Keep generated files for analysis
./sudo-illdeed.sh --no-clean
```

## 🔐 Disclaimer

This code is provided for educational and authorized security testing purposes only.
Do not use against systems you do not own or have explicit permission to test.

## 📚 Credits

Original PoC: Rich Mirch (Stratascale Cyber Research Unit)

Refactored variant: illdeed

File Snapshot

 [4.0K]  /data/pocs/aa5777bb5659b1fb470b5dde7c3fcc419f258e6e
├── [1.0K]  LICENSE
├── [1.4K]  README.md
├── [ 839]  sudo_illdeed_elite.sh
├── [1.6K]  sudo_illdeed.sh
└── [ 786]  sudo_illdeed_stealth.sh

0 directories, 5 files

Remarks