Tools | February 9, 2026 | 2 min read | by 0xt0pus

GDB

GNU Debugger for binary exploitation, reverse engineering, and debugging executables


GDB (GNU Debugger)

Description

GNU Debugger used for binary exploitation and reverse engineering. Can be enhanced with gdb-gef (https://github.com/hugsy/gef) which provides many extra features for pwn workflows. Also useful for privilege escalation when the SUID bit is set on gdb.

Usage 1: Open a binary file in gdb

Load a binary for debugging and analysis.

Command:

gdb ./hello_world

Usage 2: Open a binary without the path prefix

Load a binary directly by name.

Command:

gdb login

Usage 3: List all functions in the binary

Display all available functions after loading a binary.

Command:

info functions

Usage 4: Disassemble the main function

View the assembly instructions of the main function.

Command:

disass main

Usage 5: Set a breakpoint at a specific offset in main

Pause execution at a particular instruction inside main.

Command:

break *main+150

Usage 6: Examine memory at a register offset

Inspect the value stored at a memory address relative to a register.

Command:

x $ebp-0xc

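Usage 7: Set a variable value and continue

Modify a variable in the memory of the stopped process and continue execution. The set var form avoids clashes between the variable name and gdb's own set subcommands. Use continue to resume the current process; run would restart the program and discard the change.

Command:

set var address = 1
continue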

Usage 8: SUID privilege escalation

When the SUID bit of gdb is set, it can be exploited for privilege escalation (refer to GTFOBins for the exact payload).

Context:

From the OSCP Gaara machine: the SUID bit of gdb was set, which can be exploited with the command given on the GTFOBins page.
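
From the defender's side, the condition described in Usage 8 can be audited and removed with a short script. This is an added example, not part of the original notes; the function names and the constructed demo directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit for a setuid/setgid gdb.
# Function names and the constructed demo directory are hypothetical.

# Print every file named gdb or gdb-* under the given directories that
# carries the setuid (4000) or setgid (2000) bit, one path per line.
find_suid_gdb() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f \( -name gdb -o -name 'gdb-*' \) \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# Report findings with owner and mode; return 1 if any exist, else 0.
audit_suid_gdb() {
    hits=$(find_suid_gdb "$@")
    if [ -z "$hits" ]; then
        echo "OK: no setuid/setgid gdb found"
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r path; do
        printf 'FINDING: %s\n' "$(ls -ld "$path")"
    done
    return 1
}

# Mitigation: strip both bits from every finding. gdb does not need them
# to debug processes owned by the invoking user.
strip_suid_gdb() {
    find_suid_gdb "$@" | while IFS= read -r path; do
        chmod u-s,g-s "$path"
    done
}

# Constructed demo: a fake "gdb" file with mode 4755 in a temp directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo_dir/gdb"
chmod 4755 "$demo_dir/gdb"
audit_suid_gdb "$demo_dir" || echo "-> finding present, stripping bits"
strip_suid_gdb "$demo_dir"
audit_suid_gdb "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, pass the directories that hold system binaries (for example /usr/bin and /usr/local/bin) and run the audit from a scheduled job so that a reappearing bit is noticed.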