https://github.com/ariary/shuid

Nim project for Persistence & Privesc using S(hadow)UIDs files 👤

binfmt nim pentest persistence redteam redteam-tools


README

        



*«shuid» stands for shadow SUID file

Privileged persistence without using noisy and detectable SUID, using binfmt Kernel feature instead.

Also a good way to learn Nim and something new.

|๐Ÿ‘๏ธ Persistence demo|
|:---:|
|![demo](img/shuid-demo.gif)|

***Note:** You are now able to make the SUID file run w/o changing its normal behavior with the go interpreter (`./build.sh [PAYLOAD] [RULE_NAME] go`)*

## Like at home! 🏡 (persistence)

* Build `shuid` (needs `nim` + `go` or `gcc`):

```shell
./build.sh [PERSISTENCE_CMD] [RULE_NAME] [INTERPRETER_LANG]
# [INTERPRETER_LANG]=go or c or nim (go is best for now)
```

* Transfer it on target
* Run it!

```shell
sudo ./shuid
```

And that's all, you are under the radar. The process to trigger the persistence payload will be printed to the output.
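On the defender's side, rules registered through the kernel's binfmt_misc feature can be listed and reviewed. The following is an added example, not part of the shuid project: it parses the rule files under `/proc/sys/fs/binfmt_misc` and reports rules that set the credentials flag `C` or whose interpreter lies outside a trusted directory. The sample rules, the `TRUSTED` prefixes and the choice of these two properties as the signal are assumptions.

```python
import os

BINFMT_DIR = "/proc/sys/fs/binfmt_misc"  # usual mount point of binfmt_misc
TRUSTED = ("/usr/bin/", "/usr/libexec/", "/usr/lib/")  # assumed allow-list

# Constructed sample rule files (not taken from shuid or from a real host).
SAMPLE = {
    "qemu-arm": "enabled\ninterpreter /usr/bin/qemu-arm-static\nflags: F\noffset 0\nmagic 7f454c46\n",
    "example-rule": "enabled\ninterpreter /tmp/.cache/run\nflags: OC\noffset 0\nmagic 7f454c46\n",
}

def parse_entry(text):
    """Parse the text of one binfmt_misc rule file into a dict."""
    entry = {"interpreter": None, "flags": ""}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("interpreter "):
            entry["interpreter"] = line.split(" ", 1)[1]
        elif line.startswith("flags:"):
            entry["flags"] = line.split(":", 1)[1].strip()
    return entry

def audit(rules, trusted=TRUSTED):
    """rules maps rule name -> file text; returns (name, interpreter, reasons)."""
    findings = []
    for name, text in sorted(rules.items()):
        entry = parse_entry(text)
        interp = entry["interpreter"] or ""
        reasons = []
        if "C" in entry["flags"]:  # credentials are taken from the matched binary
            reasons.append("credentials flag C is set")
        if not interp.startswith(trusted):
            reasons.append("interpreter outside trusted directories")
        if reasons:
            findings.append((name, interp, reasons))
    return findings

def read_rules(directory=BINFMT_DIR):
    """Read every rule file, skipping the 'register' and 'status' control files."""
    rules = {}
    for name in set(os.listdir(directory)) - {"register", "status"}:
        with open(os.path.join(directory, name)) as fh:
            rules[name] = fh.read()
    return rules

if __name__ == "__main__":
    rules = read_rules() if os.path.isdir(BINFMT_DIR) else SAMPLE
    for name, interp, reasons in audit(rules):
        print(f"{name}: {interp}: {'; '.join(reasons)}")
```

Legitimate rules can also set `C`, so compare the findings against a baseline of what the installed packages register.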

## Road to root! 🛣 (privesc)

Under certain circumstances, the trick can be used to gain elevated privileges. You can test it with:

```shell
./shuid --privesc
```

## [Understand the trick](TRICK.md)



All credit goes to Dor Dankner, toffan and uco2KFH