Adds more comprehensive check, updates build instructions

Author: msutovsky-r7

documentation/modules/exploit/linux/local/sudo_chroot_cve_2025_32463.md

@@ -3,14 +3,36 @@
 
 Sudo before version 1.9.14-1.9.17p1 allows user to use `chroot` option, when executing command. The option is intended to run a command with user-selected root directory (if sudoers file allow it). Change in version 1.9.14 allows resolving paths via `chroot` using user-specified root directory when sudoers is still evaluating. This allows the attacker to trick Sudo into loading arbitrary shared object. As target shared object, Name Service Switch (NSS) operations are trigged before resolving sudoers, but after running `chroot` syscall. The module requires existing session and requires compiler on target machine (e.g. `gcc`). 
 
-Installation of vulnerable sudo:
+## Installation
 
+1. Create `Dockerfile`:
 ```
-wget https://www.sudo.ws/dist/sudo-1.9.16p2.tar.gz && \
+# ----- Dockerfile -----
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+    apt-get install -y build-essential wget libpam0g-dev libselinux1-dev zlib1g-dev \
+                       pkg-config libssl-dev git ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /opt
+RUN wget https://www.sudo.ws/dist/sudo-1.9.16p2.tar.gz && \
     tar xzf sudo-1.9.16p2.tar.gz && \
     cd sudo-1.9.16p2 && \
     ./configure --disable-gcrypt --prefix=/usr && make && make install
+
+RUN useradd -m -s /bin/bash msfuser
+
+USER msfuser
+WORKDIR /home/msfuser
+
+CMD ["/bin/bash"]
 ```
+1. `docker build -t sudo-chroot .`
+1. `docker run -it --rm --privileged sudo-chroot`
+
 
 ## Verification Steps
 

modules/exploits/linux/local/sudo_chroot_cve_2025_32463.rb

@@ -69,8 +69,19 @@ def initialize(info = {})
     ]
   end
 
+  # borrowed from exploits/linux/local/sudo_baron_samedit.rb
+  def get_version
+    versions = {}
+    output = cmd_exec('sudo --version')
+    if output
+      version = output.split("\n").first.split(' ').last
+      versions[:sudo] = version if version =~ /^\d/
+    end
+    versions[:sudo].gsub(/p/, '.')
+  end
+
   def check
-    sudo_version = installed_package_version('sudo')
+    sudo_version = installed_package_version('sudo') || get_version
 
     return CheckCode::Unknown('Could not identify the version of sudo.') if sudo_version.blank?