-
Manual exploitation
Greetings again.
As you may know, I am attempting to rise above the level of script kiddie knowledge of BackTrack, Metasploit, and indeed hacking.
My current roadblock is, I believe, privilege escalation. I am working on a vulnerable VM where I have gained user-level privileges. I have researched possible vulnerabilities and exploit code. Problem: I have always used Metasploit to deliver code. I have no idea how to manually exploit a service or cause a desirable condition. Also, I don't understand the source code, so I can't understand what it does or how to use it to exploit the vulnerability.
I have done some research. I am reading the Wikipedia article on shellcode (don't laugh) and it states:
"Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits."
I take this to mean injecting the code into packets that are read by a vulnerable application so the code is executed (remote exploit?), or the same through a file (how do I get the file on the system?), or somehow causing the required condition on the local machine (how?).
So can anyone help me out here? Point me in the right direction?
-
Re: Manual exploitation
Check out these articles. I found them helpful for starting to understand the process of discovering and writing exploits.
http://packetstormsecurity.org/files/author/7595/
There are also a ton of other resources on the internet that can help with this subject. There are also a ton of threads on this forum that could help point you in the right direction if you take the time to do some searching.
-
Re: Manual exploitation
There are also videos: Video Groups
-
Re: Manual exploitation
http://www.backtrack-linux.org/forum...backtrack.html
I really liked lupin's tutorials :)
They helped me a lot!