This repository is part of SentinelOne's research, done by Dor Dankner, into privilege persistence using binfmt_misc, which was named Shadow SUID.
Research Part I - https://www.sentinelone.com/blog/shadow-suid-for-privilege-persistence-part-1/
Research Part II - https://www.sentinelone.com/blog/shadow-suid-privilege-persistence-part-2/
The repository contains the following files:
Looks for setuid files on your system that have a unique 128-byte header. Such a file can later be used as the legitimate setuid target for the shadow SUID.
Install / Uninstall / List shadow suids.
Execute without parameters to print the usage.
An example of a tiny possible interpreter for shadow suid.
Compile using: gcc interpreter_dummy.c -o interpreter
An example of an interpreter which doesn't interfere with the original suid executed.
Compile using: gcc interpreter_dummy.c -o interpreter
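As an added defender-side example (not part of this repository), the following Python parses binfmt_misc handler entries in the format the kernel prints under /proc/sys/fs/binfmt_misc and flags the two properties a shadow SUID handler depends on: the C (credentials) flag, which runs the interpreter with the matched binary's setuid/setgid identity, and a magic that is itself an ELF header, i.e. one lifted from an existing setuid binary. The sample entries and the interpreter paths are constructed, not taken from a real system.

```python
import os
from dataclasses import dataclass
from typing import Optional

BINFMT_DIR = "/proc/sys/fs/binfmt_misc"


@dataclass
class BinfmtEntry:
    name: str
    enabled: bool
    interpreter: str
    flags: str
    offset: int
    magic: Optional[bytes]     # set for magic-based handlers
    extension: Optional[str]   # set for extension-based handlers


def parse_entry(name: str, text: str) -> BinfmtEntry:
    """Parse /proc/sys/fs/binfmt_misc/<name>; a 'mask' line, if present, is ignored."""
    lines = text.strip().splitlines()
    entry = BinfmtEntry(name, lines[0].strip() == "enabled", "", "", 0, None, None)
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        if key == "flags:":            # kernel prints "flags: POCF" (empty when no flags)
            entry.flags = value.strip()
        elif key == "interpreter":
            entry.interpreter = value.strip()
        elif key == "offset":
            entry.offset = int(value)
        elif key == "magic":
            entry.magic = bytes.fromhex(value.strip())
        elif key == "extension":
            entry.extension = value.strip()
    return entry


def findings(entry: BinfmtEntry) -> list:
    """Reasons an enabled handler deserves review; an empty list means nothing notable."""
    out = []
    if not entry.enabled:
        return out
    if "C" in entry.flags:
        out.append("C flag: interpreter runs with the matched binary's setuid/setgid credentials")
    if entry.magic is not None and entry.offset == 0 and entry.magic.startswith(b"\x7fELF"):
        out.append("magic is an ELF header: handler matches native executables, not a foreign format")
    return out


def scan(directory: str = BINFMT_DIR) -> dict:
    """Scan a live binfmt_misc mount; 'register' and 'status' are control files, not handlers."""
    results = {}
    if not os.path.isdir(directory):
        return results
    for name in sorted(os.listdir(directory)):
        if name in ("register", "status"):
            continue
        with open(os.path.join(directory, name)) as fh:
            hits = findings(parse_entry(name, fh.read()))
        if hits:
            results[name] = hits
    return results


# Constructed sample entries: a benign MZ handler and one shaped like a shadow SUID handler
# (C flag, 128-byte magic that starts with an ELF header, interpreter outside system paths).
SAMPLE_BENIGN = "enabled\ninterpreter /usr/bin/wine\nflags: \noffset 0\nmagic 4d5a\n"
SAMPLE_SUSPECT = ("enabled\ninterpreter /opt/example/interp\nflags: C\noffset 0\n"
                  "magic 7f454c4602010100" + "00" * 120 + "\n")

if __name__ == "__main__":
    for name, text in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(name, findings(parse_entry(name, text)))
    for name, hits in scan().items():
        print(f"{BINFMT_DIR}/{name}:", "; ".join(hits))
```

On a live system, run it as root to read the handler files; an empty result only means no enabled handler carries the C flag or an ELF-header magic, so it complements, rather than replaces, reviewing the interpreter paths themselves.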