As you may know, I am attempting to rise above the level of script kiddie knowledge of backtrack, metasploit, and indeed hacking.
my current roadblock is I believe, privilege escalation. I am working on a vulnerable vm where I have gained user level privileges. I have researched possible vulnerabilities and exploit code. Problem: I have always used metasploit to deliver code. I have no idea how to manually exploit a service or cause a desirable condition. Also, I don't understand the source code so I can understand it and what it does, how to use it to exploit the vulnerability.
I have done some research, I am reading the Wikipedia article on shellcode (dont laugh) and it states:
"Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits."
I take this to mean injecting the code into packets that are read by a vulnerable application and the code is executed(remote exploit?), or the same through a file(how do I get the file on the system?), or somehow causing the required condition on the local machine. (how?)
So can anyone help me out here? point me in the right direction?