I have seen numerous questions similar to the above with answers that relate to
ID: 654746 • Letter: I
Question
I have seen numerous questions similar to the above with answers that relate to elevation of privileges to those of root. the answer and example that silverlightfox has given is one of the better defined.
The issue I am having as I try to emulate this exploit is that within my VM installation of Linux Red Hat 2.4.xx with various exploits that list source code, is that my non-root privileges on the box will not allow for compiling (gcc is installed) or executing a binary file.
unless I am way off base here, the source coded (listed by silverlightfox) and other found across the net (exploit db, etc) must be compiled and run on the target machine.
if the non-root access you get (find the username and password, remote exploit, etc) will not allow compiling or running a binary file, what other options are there to 'exploit' the source code on the target machine? I would think that metasploit would handle the automation, but as much info as I have seen about running the binary file on the target machine makes me think I am doing something way wrong.
Explanation / Answer
You don't have to be root to compile and execute code. Presumably your configuration limits access to the necessary compilation toolchain such that your user can't do it.
Attackers can get around this by pre-compiling the necessary binaries or by dropping a pre-compiled compiler or interpreter of their own onto the system.
Best to start out by getting to know your system, your user environment, the tools necessary for carrying out your workflow, and how your local permissions affect it all. THEN move on to understanding how exploits work. Because unless you understand the basics, that stuff isn't going to help.