gdb
GNU debugger. Can execute arbitrary shell commands via the 'shell' command, call library functions directly, and load shared libraries — making it a code execution primitive.
Binary Paths
/usr/bin/gdb
/bin/gdb
Glob Patterns
| Pattern | Notes |
|---|---|
| `g?b` | Single wildcard replaces 'd' |
| `gd[b]` | Character class on last char |
| `/usr/bin/g?b` | Full path with wildcard |
| `/???/bin/g?b` | Obfuscate /usr/ and 'd' in gdb |
| `$(ls /usr/bin/g?b)` | ls resolves glob to /usr/bin/gdb; command substitution executes it |
| `$'\x67\x64\x62'` | ANSI-C hex escapes expand to 'gdb' |
YARA Rule
Auto-generated detection rule for gdb
Platform Notes
gdb can run shell commands with gdb -batch -ex 'shell whoami'. It can also call C functions directly: gdb -batch -ex 'call system("id")'. If gdb has SUID or sudo permissions, it becomes a privilege escalation path. GTFOBins documents gdb as a file read/write and shell escape vector.
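Matching the literal string gdb in logged command lines misses every obfuscated form in the glob pattern table. The following is an added example, not code from the original page: it normalises a command line before matching, decoding `$'...'` hex escapes and testing each shell word as a glob against the known binary paths. The function names, the two-literal-character threshold and the sample lines are assumptions made for illustration.

```python
import fnmatch
import re

# Binary paths from this page's "Binary Paths" entry.
GDB_PATHS = ["/usr/bin/gdb", "/bin/gdb"]
CANDIDATES = GDB_PATHS + ["gdb"]

ANSI_C = re.compile(r"\$'((?:[^'\\]|\\.)*)'")   # $'...' quoting
HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{1,2})")   # \xHH inside it
WILDCARDS = re.compile(r"\[[^\]]*\]|[*?]")       # glob metacharacters

def decode_ansi_c(text):
    """Expand $'...' words; only \\xHH escapes are decoded (assumed scope)."""
    def expand(match):
        return HEX_ESC.sub(lambda h: chr(int(h.group(1), 16)), match.group(1))
    return ANSI_C.sub(expand, text)

def word_resolves_to_gdb(word):
    """True if a shell word is gdb, or a glob that would expand to it."""
    # Heuristic: ignore words with fewer than two literal characters
    # (for example a bare '*'), which match every file name.
    if len(WILDCARDS.sub("", word)) < 2:
        return False
    return any(fnmatch.fnmatchcase(path, word) for path in CANDIDATES)

def references_gdb(cmdline):
    """Normalise a logged command line and report whether it names gdb."""
    normalised = decode_ansi_c(cmdline)
    # Split on whitespace and on shell punctuation such as $( ) ` ; | &
    words = re.split(r"[\s()`$;|&]+", normalised)
    return any(word_resolves_to_gdb(w) for w in words if w)

# Constructed sample command lines (not real log data).
SAMPLES = [
    "gdb -batch -ex 'shell whoami'",
    "/???/bin/g?b -batch",
    "$(ls /usr/bin/g?b) -batch",
    "$'\\x67\\x64\\x62' -batch",
    "gd[b] -q",
    "ls /usr/bin/git",
    "echo *",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{references_gdb(line)!s:5}  {line}")
```

The check reports any word that resolves to gdb, including arguments such as a package name, so treat a hit as a lead to correlate with process execution telemetry.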