Tuesday, January 8, 2013
Over my head
I learned about the inner workings of the Rage Against the Cage exploit. It abuses a flaw in the way ADB is executed: the process that spawns it never checks whether it actually dropped the shell's permissions to those of a user. RAtC takes advantage of this by forking ADB into so many processes that RLIMIT_NPROC (the value that limits how many processes a user can initiate) is reached. It then kills ADB and restarts it. ADB is created as root and then attempts to drop down to the user's permissions, but this fails because there are already too many threads, so it continues to run as root, and the attacker ends up with root access to the system. I attempted to do the same process inside Ubuntu Linux with an intentionally vulnerable program, but found that I need more coding experience before I can effectively tackle such a difficult project.