^{*«shuid» stands for shadow SUID file}

Privileged persistence 

without using noisy and detectable SUID 

using binfmt Kernel feature instead
Also a good way to learn Nim and something new

👁️ Persistence demo

Note: You are now able to make the SUID file run w/o changing its normal behavior with the go interpreter (./build.sh [PAYLOAD] [RULE_NAME] go)

Like at home! 🏡 ^{(persistence)}

• Build shuid (needs nim + go or gcc):
  

  ./build.sh [PERSISTENCE_CMD] [RULE_NAME] [INTERPRETER_LANG]
  
  # [INTERPRETER_LANG]=go or c or nim (go is best for now) 

• Transfer it on target
• Run it!
  

  sudo ./shuid

And that's all, you are under the radar. The process to trigger the persistence payload will be outputted

Road to root! 🛣 ^(privesc)

Under certain circumstances, the trick can be used to gain elevated privileged. You can test it with:

./shuid --privesc

Understand the trick

^{All credits goes to Dor Dankner, toffan and uco2KFH}