# SUID Binary

suid-binary is used to model the following TTP in the SandWorm scenario:

Abuse Elevation Control Mechanism: Setuid and Setgid

Exaramel for Linux can execute commands with high privileges via a specific binary with setuid functionality.

# Quick Start

```bash
# build suid-binary
make

# upload suid-binary to target
# How you get here is up to you

# once on target, switch to root, and set the suid bit
chown root:root suid-binary
chmod 4755 suid-binary

# switch to a low privilege user, and run suid-binary
./suid-binary /bin/sh
```

# Build Instructions

Use the 'make' utility as follows:

```bash
# build program
make
```

# Test Instructions

Test suid-binary with Python:

```bash
python3 test-suid-binary.py
```

# Usage Examples

```bash
# Assuming you've already uploaded suid-binary to target and set the SUID bit:
./suid-binary whoami
```

# Cleanup Instructions

Just delete suid-binary from disk:

```bash
rm suid-binary
```
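The artifact this emulation leaves on a target is a root-owned file with mode 4755. The following added example (not part of the suid-binary project) is the check a defender, or the operator verifying the cleanup above, would run: it walks a tree and lists setuid files that are not in a known-good baseline. The baseline set, the skipped pseudo-filesystem directories and the constructed sample tree are assumptions made for the example.

```python
import os
import stat
import tempfile

# Constructed sample baseline (assumption): a real deployment generates this
# set from a known-good image and stores it off the scanned host.
KNOWN_SETUID = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}
# Pseudo-filesystems that never legitimately hold setuid executables.
SKIP_DIRS = {"/proc", "/sys", "/dev", "/run"}

def is_setuid(path):
    """True if path is a regular file (symlinks excluded) with the setuid bit set."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)

def find_setuid(root, root_owned_only=True):
    """Walk root and return the sorted setuid files, optionally only uid-0 owned."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        # Prune in place so os.walk does not descend into pseudo-filesystems.
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not is_setuid(path):
                continue
            if root_owned_only and os.lstat(path).st_uid != 0:
                continue
            hits.append(path)
    return sorted(hits)

def unexpected_setuid(root, baseline=KNOWN_SETUID, root_owned_only=True):
    """Setuid files under root missing from the baseline; the chmod 4755
    artifact of this emulation appears here until the binary is removed."""
    return [p for p in find_setuid(root, root_owned_only) if p not in baseline]

def make_sample_tree():
    """Constructed temp tree: one setuid file and one ordinary file, so the
    scanner can be exercised without walking the real root filesystem."""
    base = tempfile.mkdtemp(prefix="suid-scan-")
    suid_path = os.path.join(base, "suid-binary")
    plain_path = os.path.join(base, "plain-binary")
    for path, mode in ((suid_path, 0o4755), (plain_path, 0o755)):
        open(path, "wb").close()
        os.chmod(path, mode)
    return base, suid_path, plain_path
```

On a real host, `unexpected_setuid("/")` run as root lists setuid-root files outside the baseline; running it after `rm suid-binary` confirms nothing was left behind.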

# CTI Evidence

https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf