Nim project for Persistence & Privesc using S(hadow)UIDs files 👤

ariary/shuid


«shuid» stands for shadow SUID file.

Privileged persistence:

  • without using noisy and easily detected SUID files
  • using the kernel's binfmt_misc feature instead
  • also a good way to learn Nim and something new
👁️ Persistence demo (demo image in the original README)

Note: with the Go interpreter, the SUID file now runs without any change to its normal behaviour (./build.sh [PAYLOAD] [RULE_NAME] go).

Like at home! 🏡 (persistence)

  • Build shuid (needs nim, plus go or gcc):
    ./build.sh [PERSISTENCE_CMD] [RULE_NAME] [INTERPRETER_LANG]
    
    # [INTERPRETER_LANG]=go or c or nim (go is best for now)
  • Transfer it to the target
  • Run it:
    sudo ./shuid

And that's all: you are under the radar. The procedure for triggering the persistence payload is printed when shuid runs.
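"Under the radar" refers to the absence of a SUID bit, not to the registration itself: on Linux every binfmt_misc handler is exposed as a text file under /proc/sys/fs/binfmt_misc, and the property a shadow SUID relies on is the C ("credentials") flag, which makes the interpreter run with the credentials of the binary it intercepts. The following script is an added, defender-side audit that is not part of shuid: it parses those entry files in the format the kernel prints them and reports enabled handlers that carry the C flag or match an ELF header. The directory path is the kernel's documented one; the sample entries at the bottom are constructed, and the interpreter path in the second one is a placeholder.

```python
"""Audit binfmt_misc registrations for handlers that grant SUID-like credentials.

Added illustration, not part of the shuid project. Each registered handler is
exposed by the kernel as /proc/sys/fs/binfmt_misc/<name>, e.g.

    enabled
    interpreter /usr/bin/qemu-aarch64
    flags: OC
    offset 0
    magic 7f454c46...
"""
from __future__ import annotations

import os
from dataclasses import dataclass

BINFMT_DIR = "/proc/sys/fs/binfmt_misc"
ELF_MAGIC_HEX = "7f454c46"  # 0x7f 'E' 'L' 'F'

# Flag letters from the kernel's binfmt-misc admin guide.
FLAG_MEANING = {
    "P": "preserve argv[0]",
    "O": "open binary: pass an fd of the target file to the interpreter",
    "C": "credentials: interpreter runs with the executed binary's (e.g. setuid) credentials",
    "F": "fix binary: interpreter opened once at registration time",
}


@dataclass
class BinfmtEntry:
    name: str
    enabled: bool = False
    interpreter: str = ""
    flags: str = ""
    offset: int = 0
    magic: str = ""      # hex string; empty when the rule matches by extension
    mask: str = ""       # optional hex mask applied to the magic comparison
    extension: str = ""  # e.g. ".py" when the rule matches by filename extension

    @property
    def grants_credentials(self) -> bool:
        return "C" in self.flags


def parse_entry(name: str, text: str) -> BinfmtEntry:
    """Parse the contents of one /proc/sys/fs/binfmt_misc/<name> file."""
    entry = BinfmtEntry(name=name)
    for raw in text.splitlines():
        line = raw.strip()
        if line == "enabled":
            entry.enabled = True
        elif line == "disabled":
            entry.enabled = False
        elif line.startswith("flags:"):
            entry.flags = line[len("flags:"):].strip()
        elif " " in line:
            key, value = line.split(" ", 1)
            if key == "interpreter":
                entry.interpreter = value
            elif key == "offset":
                entry.offset = int(value)
            elif key == "magic":
                entry.magic = value.lower()
            elif key == "mask":
                entry.mask = value.lower()
            elif key == "extension":
                entry.extension = value
    return entry


def audit(entries: list[BinfmtEntry]) -> list[str]:
    """Return one finding per property a defender should verify against expected registrations."""
    findings: list[str] = []
    for e in entries:
        if not e.enabled:
            continue
        if e.grants_credentials:
            findings.append(
                f"{e.name}: interpreter {e.interpreter} runs with the executed binary's "
                f"credentials (flags {e.flags!r}: "
                + ", ".join(FLAG_MEANING.get(f, f) for f in e.flags) + ")"
            )
        if e.offset == 0 and e.magic.startswith(ELF_MAGIC_HEX):
            findings.append(
                f"{e.name}: magic begins with the ELF signature, so it intercepts "
                f"ELF executables whose header matches {e.magic[:32]}..."
            )
    return findings


def load_system_entries(base: str = BINFMT_DIR) -> list[BinfmtEntry]:
    """Read every registered handler from a live binfmt_misc mount (empty list if absent)."""
    entries: list[BinfmtEntry] = []
    if not os.path.isdir(base):
        return entries
    for name in sorted(os.listdir(base)):
        if name in ("register", "status"):  # control files, not handlers
            continue
        with open(os.path.join(base, name)) as fh:
            entries.append(parse_entry(name, fh.read()))
    return entries


# Constructed sample entries in the kernel's output format (not captured from any host).
SAMPLE_ENTRIES = {
    # benign extension-based handler, no special flags
    "python3": "enabled\ninterpreter /usr/bin/python3\nflags: \nextension .py\n",
    # handler matching one specific ELF header and running with its credentials
    "sample_rule": (
        "enabled\n"
        "interpreter /tmp/placeholder-interpreter\n"  # placeholder path
        "flags: OC\n"
        "offset 0\n"
        "magic 7f454c4602010100000000000000000003003e01\n"
    ),
}


def audit_samples() -> list[str]:
    return audit([parse_entry(n, t) for n, t in SAMPLE_ENTRIES.items()])


if __name__ == "__main__":
    for finding in audit(load_system_entries()) or ["no enabled binfmt_misc handler needs review"]:
        print(finding)
```

Run it as root on a host where binfmt_misc is mounted. A handler it reports is not automatically malicious, since legitimate registrations (for example some QEMU user-mode emulation setups) also carry C; the point is to compare what is registered against what you expect to be registered, and to treat an unexplained C-flag handler whose magic is an ELF header as the shadow SUID this page describes.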

Road to root! 🛣 (privesc)

Under certain circumstances, the same trick can be used to gain elevated privileges. You can test it with:

./shuid --privesc
All credits go to Dor Dankner, toffan and uco2KFH.