1. Enumerate services run as root: ps aux | grep "^root"
2. Try to get the version of the app (for eg mysqld --version) or dpkg -l | grep programname / rpm –qa | grep programname.
3. Search for exploit: searchsploit xx (or exploit-db)
4. Follow the instructions.