Certified Pentester Exam - need assistance on compiling an exploit

So I am running through the practical exam of the CPT and I have a RedHat linux server vm. It is running kernel 2.4. I discovered in exploits-db.org there is - The Tim Hsu, 2005-01-27, “Linux Kernel 2.4 uselib() Privilege Elevation Exploit” - I have the source code but tried to compile it with gcc -o uselib uselib.c which results in includes not being found. I know this is an old code and I am using Kali Linux which is new but how would I be able to compile this to test on my vm?

Thanks
clynch302Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

evilrixSenior Software Engineer (Avast)Commented:
A complete list of errors would be helpful. :)
0
btanExec ConsultantCommented:
Dont really suggest you get exploit codes and compile for testing even in staging environment - you will lost visibility and control managing its "spread". Better to err on the safe side - we never know (and should not underestimate) its propagation  in the source. They are as-is with no promise of functionality or accuracy.

I do suggest metasploit (in Kali) and metasploitable (enviroment) instead. This exploit of interest if I am not wrong is as of CVE-2004-1235 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1235) and metasploit allows you to search the exploit list e.g. run search CVE-###.... (see under "...<CR_4.3>" https://cve.mitre.org/compatible/questionnaires/122.html) or likewise as a whole to see the total exploit listing by running  'show exploits' in the framework (http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#exploits)

For Metasploitable
...is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from sourceforge.
 
http://www.offensive-security.com/metasploit-unleashed/Requirements
0
clynch302Author Commented:
Thanks btan - I am familiar with Metasploit but I guess I need to research better, I did not know that was in the db. The environment I am working is provided by iacertification.org for testing purposes. So if I mess it up I can reload all the images with no harm done.  I am trying your advise now.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

btanExec ConsultantCommented:
to clarify I have not search for that particular CVE in the db per se but it does have capability to import CVE from exploit db or even 1337day, but have not been quite smooth "importing" for forum though. see http://lifeofpentester.blogspot.sg/2013/06/how-to-add-new-exploit-to-metasploit.html
if need to I am also thinking to explore into exploit kit having that CVE from contagio, but it may seems that the interested CVE is rather old already... http://contagiodump.blogspot.sg/2010/06/overview-of-exploit-packs-update.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
clynch302Author Commented:
I know it is old but like I said this is just for testing purposes. To learn. I tried looking in the metasploit db but it is not there so I guess I need to learn to import it.
0
btanExec ConsultantCommented:
sure understand your learning needs, which is why the link on importing will then be more appropriate for this 2004 exploit instance. Here is another on "Adobe Flash Player Shader Buffer Overflow". As much I see MS support rb and py
https://informationtreasure.wordpress.com/2014/07/25/add-new-exploits-to-metasploit-from-exploit-db/

Just a word of note, exploits are also not always 100%. Sometimes you may need to modify the exploit code, especially those found in the exploitdb database, to get them to work, and even then its not guarateed to work
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.