clynch302

Certified Pentester Exam - need assistance on compiling an exploit

So I am running through the practical exam of the CPT and I have a RedHat Linux server VM. It is running kernel 2.4. I discovered in exploits-db.org there is - The Tim Hsu, 2005-01-27, “Linux Kernel 2.4 uselib() Privilege Elevation Exploit” - I have the source code but tried to compile it with gcc -o uselib uselib.c, which results in includes not being found. I know this is old code and I am using Kali Linux, which is new, but how would I be able to compile this to test on my VM?

Thanks
evilrix

A complete list of errors would be helpful. :)
btan

Don't really suggest you get exploit codes and compile for testing even in staging environment - you will lose visibility and control managing its "spread". Better to err on the safe side - we never know (and should not underestimate) its propagation in the source. They are as-is with no promise of functionality or accuracy.

I do suggest Metasploit (in Kali) and Metasploitable (environment) instead. This exploit of interest, if I am not wrong, is as of CVE-2004-1235 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1235) and Metasploit allows you to search the exploit list e.g. run search CVE-###.... (see under "...<CR_4.3>" https://cve.mitre.org/compatible/questionnaires/122.html) or likewise as a whole to see the total exploit listing by running 'show exploits' in the framework (http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#exploits)

For Metasploitable
...is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other virtualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from sourceforge.
 
http://www.offensive-security.com/metasploit-unleashed/Requirements
clynch302

ASKER

Thanks btan - I am familiar with Metasploit but I guess I need to research better, I did not know that was in the db. The environment I am working in is provided by iacertification.org for testing purposes. So if I mess it up I can reload all the images with no harm done. I am trying your advice now.
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.
I know it is old but like I said this is just for testing purposes. To learn. I tried looking in the metasploit db but it is not there so I guess I need to learn to import it.
Sure, I understand your learning needs, which is why the link on importing will then be more appropriate for this 2004 exploit instance. Here is another on "Adobe Flash Player Shader Buffer Overflow". As much as I see, MS supports rb and py.
https://informationtreasure.wordpress.com/2014/07/25/add-new-exploits-to-metasploit-from-exploit-db/

Just a word of note, exploits are also not always 100%. Sometimes you may need to modify the exploit code, especially those found in the exploitdb database, to get them to work, and even then it's not guaranteed to work.