Currently doing a ctf challenge where a kernel image and a initramfs.cpio.gz were provided, running their run.sh results in a busybox environement.
So there's a binary that has it's suid bit set:
-rwsr-xr-x 1 root root 8752 Feb 6 09:26 target
And I manage to get it to drop a shell by using making it call execve("/bin/sh", argv=["/bin/sh"], envp=NULL). I won't get into the details here as it is pretty long.
I had to provide argv=["/bin/sh"] since bin/sh is actually just a link to busybox.
The point is that the binary actually spawns a shell, but I still have the old priviliges and not root priviliges. How is this possible when the shell runs under the root binary? Is there something I am missing? Any suggestions will be appreciated.