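; ----------------------------------------------------------------------
; April Fools "privilege escalation" prank.
; Target: x86-64 Linux, NASM (Intel) syntax, raw syscalls, no libc.
;
; What _start does, in order:
;   1. writes two banner lines to stdout; the "Found SUID binary" line is
;      a fixed string, nothing is scanned or detected,
;   2. calls setuid(0) and setgid(0) and ignores both results,
;   3. writes the "Exploit successful!" line regardless of step 2,
;   4. calls execve("/bin/sh", NULL, NULL),
;   5. only if execve returns (i.e. it failed): writes the prank line
;      and calls exit(0).
;
; NOTE(review): a successful execve replaces the process image and never
; returns, so on a normal system the user lands in /bin/sh and the
; "APRIL FOOLS" line is never printed. The reveal is shown only on the
; execve failure path.
;
; NOTE(review): steps 2 and 4 are real system calls, not simulation. In
; an unprivileged process setuid(0)/setgid(0) fail with EPERM and the
; shell runs with the caller's own ids. If this file is owned by root
; and carries the set-user-ID bit, both calls succeed and the binary is
; a working root shell launcher. Keep it free of SUID/SGID bits and
; file capabilities; to make the demo inert, drop steps 2 and 4.
;
; Changes from the original layout: one instruction per line (in the
; collapsed form everything after the first ';' is a comment), syscall
; numbers named, strings moved from .text to .rodata, 32-bit register
; forms used where the upper half is zero anyway.
; ----------------------------------------------------------------------

SYS_WRITE       equ 1
SYS_EXECVE      equ 59
SYS_EXIT        equ 60
SYS_SETUID      equ 105
SYS_SETGID      equ 106
STDOUT_FD       equ 1

; WRITE_STDOUT label, length
; Emits write(STDOUT_FD, label, length). The result is not checked.
; Clobbers rax, rdi, rsi, rdx, plus rcx and r11 (overwritten by syscall).
%macro WRITE_STDOUT 2
        mov     eax, SYS_WRITE
        mov     edi, STDOUT_FD
        lea     rsi, [rel %1]
        mov     edx, %2
        syscall
%endmacro

section .text
global _start

_start:
        WRITE_STDOUT msg_start, msg_start_len   ; opening banner
        WRITE_STDOUT msg_suid, msg_suid_len     ; canned "found SUID" line

        mov     eax, SYS_SETUID                 ; setuid(0)
        xor     edi, edi
        syscall                                 ; rax = 0 or -errno, ignored

        mov     eax, SYS_SETGID                 ; setgid(0)
        xor     edi, edi
        syscall                                 ; rax = 0 or -errno, ignored

        WRITE_STDOUT msg_root, msg_root_len     ; printed even if both calls failed

        ; execve("/bin/sh", NULL, NULL). Linux accepts NULL argv/envp;
        ; this is non-portable. Control continues below only on failure.
        mov     eax, SYS_EXECVE
        lea     rdi, [rel bin_sh]
        xor     esi, esi                        ; argv = NULL
        xor     edx, edx                        ; envp = NULL
        syscall

        WRITE_STDOUT msg_prank, msg_prank_len   ; reached only if execve failed

        mov     eax, SYS_EXIT                   ; exit(0)
        xor     edi, edi
        syscall

section .rodata

msg_start       db "🔥 INITIATING PRIVILEGE ESCALATION... 🔥", 10
msg_start_len   equ $ - msg_start

msg_suid        db "[+] Found SUID binary: /usr/bin/passwd (root privileges detected!)", 10
msg_suid_len    equ $ - msg_suid

msg_root        db "[+] Exploit successful! Root shell spawned!", 10
msg_root_len    equ $ - msg_root

bin_sh          db "/bin/sh", 0                 ; NUL-terminated path for execve

msg_prank       db "😂 APRIL FOOLS! You got pranked no root for you! 😂", 10
msg_prank_len   equ $ - msg_prank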