???<!-- GIF89;a -->
123123123123
.....................................................................................................................................???<!-- GIF89;a -->
123123123123
.....................................................................................................................................<br />
<b>Warning</b>:  Undefined variable $auth in <b>/home/elquintoelemento/public_html/admin.php</b> on line <b>546</b><br />
<br />
<b>Warning</b>:  Trying to access array offset on null in <b>/home/elquintoelemento/public_html/admin.php</b> on line <b>546</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/elquintoelemento/public_html/admin.php:1) in <b>/home/elquintoelemento/public_html/admin.php</b> on line <b>188</b><br />
<br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /home/elquintoelemento/public_html/admin.php:1) in <b>/home/elquintoelemento/public_html/admin.php</b> on line <b>189</b><br />
/*
  Description: Simulate behavior of CVE-2025-32463 - sudo EoP via chroot.
               Possible future CTF challenge? :)
  gcc -Wall -o chwoot-demo chwoot-demo.c
  cp 4755 chwoot-demo
  mv chwoot-demo /usr/bin
  Then get a root shell as a low priv user
*/
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <grp.h>
#include <netdb.h>

int main() {
    chdir("/tmp/stage");
    int saved_root = open("/",O_RDONLY);
    int saved_cwd = open(".",O_RDONLY);
    chroot("/tmp/stage");
    chdir("/");
    gethostbyname("woot");
    fchdir(saved_root);
    chroot(".");
    fchdir(saved_cwd);
    getgrnam("got root?");
}