https://github.com/ariary/shuid

Nim project for Persistence & Privesc using S(hadow)UIDs files 👤
https://github.com/ariary/shuid

binfmt nim pentest persistence redteam redteam-tools

Last synced: 3 months ago
JSON representation

Nim project for Persistence & Privesc using S(hadow)UIDs files 👤

• Host: GitHub
• URL: https://github.com/ariary/shuid
• Owner: ariary
• License: unlicense
• Created: 2022-07-15T19:11:38.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-08-28T10:34:05.000Z (almost 3 years ago)
• Last Synced: 2025-03-23T18:37:28.317Z (4 months ago)
• Topics: binfmt, nim, pentest, persistence, redteam, redteam-tools
• Language: Nim
• Homepage:
• Size: 486 KB
• Stars: 3
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        




*«shuid» stands for shadow SUID file

Privileged persistence 


without using noisy and detectable SUID 


using binfmt Kernel feature instead

Also a good way to learn Nim and something new





|👁️ Persistence demo|

|:---:| 

|![demo](img/shuid-demo.gif)|

***Note:** You are now able to make the SUID file run w/o changing its normal behavior with the go interpreter (`./build.sh [PAYLOAD] [RULE_NAME] go`)*

## Like at home! 🏡 (persistence)

* Build `shuid` (needs `nim` + `go` or `gcc`):
./build.sh [PERSISTENCE_CMD] [RULE_NAME] [INTERPRETER_LANG] 


# [INTERPRETER_LANG]=go or c or nim (go is best for now) 

* Transfer it on target

* Run it!
sudo ./shuid


And that's all, you are under the radar. The process to trigger the persistence payload will be outputted

## Road to root! 🛣 (privesc)

Under certain circumstances, the trick can be used to gain elevated privileged. You can test it with:

```shell

./shuid --privesc

```

## [Understand the trick](TRICK.md)





All credits goes to Dor Dankner, toffan and uco2KFH