Certified Pentester Exam - need assistance on compiling an exploit

So I am running through the practical exam of the CPT and I have a RedHat linux server vm. It is running kernel 2.4. I discovered in exploits-db.org there is - The Tim Hsu, 2005-01-27, “Linux Kernel 2.4 uselib() Privilege Elevation Exploit” - I have the source code but tried to compile it with gcc -o uselib uselib.c which results in includes not being found. I know this is an old code and I am using Kali Linux which is new but how would I be able to compile this to test on my vm?

Thanks
clynch302Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

evilrixSenior Software Engineer (Avast)Commented:
A complete list of errors would be helpful. :)
btanExec ConsultantCommented:
Dont really suggest you get exploit codes and compile for testing even in staging environment - you will lost visibility and control managing its "spread". Better to err on the safe side - we never know (and should not underestimate) its propagation  in the source. They are as-is with no promise of functionality or accuracy.

I do suggest metasploit (in Kali) and metasploitable (enviroment) instead. This exploit of interest if I am not wrong is as of CVE-2004-1235 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1235) and metasploit allows you to search the exploit list e.g. run search CVE-###.... (see under "...<CR_4.3>" https://cve.mitre.org/compatible/questionnaires/122.html) or likewise as a whole to see the total exploit listing by running  'show exploits' in the framework (http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#exploits)

For Metasploitable
...is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from sourceforge.
 
http://www.offensive-security.com/metasploit-unleashed/Requirements
clynch302Author Commented:
Thanks btan - I am familiar with Metasploit but I guess I need to research better, I did not know that was in the db. The environment I am working is provided by iacertification.org for testing purposes. So if I mess it up I can reload all the images with no harm done.  I am trying your advise now.
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

btanExec ConsultantCommented:
to clarify I have not search for that particular CVE in the db per se but it does have capability to import CVE from exploit db or even 1337day, but have not been quite smooth "importing" for forum though. see http://lifeofpentester.blogspot.sg/2013/06/how-to-add-new-exploit-to-metasploit.html
if need to I am also thinking to explore into exploit kit having that CVE from contagio, but it may seems that the interested CVE is rather old already... http://contagiodump.blogspot.sg/2010/06/overview-of-exploit-packs-update.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
clynch302Author Commented:
I know it is old but like I said this is just for testing purposes. To learn. I tried looking in the metasploit db but it is not there so I guess I need to learn to import it.
btanExec ConsultantCommented:
sure understand your learning needs, which is why the link on importing will then be more appropriate for this 2004 exploit instance. Here is another on "Adobe Flash Player Shader Buffer Overflow". As much I see MS support rb and py
https://informationtreasure.wordpress.com/2014/07/25/add-new-exploits-to-metasploit-from-exploit-db/

Just a word of note, exploits are also not always 100%. Sometimes you may need to modify the exploit code, especially those found in the exploitdb database, to get them to work, and even then its not guarateed to work
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.