DistCC 1.0.0 Remote Code Execution (CVE-2004-2687) with Manual and Metasploit Examples
HTML-код
- Опубликовано: 6 май 2022
- Distcc v1 RCE vulnerability exploitation. This video shows you how to recreate this exploit both manually and by using Metasploit.
"distcc is a program to distribute builds of C, C++, Objective C or Objective C++ code across several machines on a network. distcc should always generate the same results as a local build, is simple to install and use, and is usually much faster than a local compile."
More on distcc:
www.distcc.org/index.html
link to GitHub for the script used in the video:
gist.github.com/DarkCoderSc/4...
Link for Metasploitable VM:
sourceforge.net/projects/meta...
Link for Kali Linux:
www.kali.org/get-kali/
DISCLAIMER
All material provided on this video and this channel is intended for informational/educational purposes only and should not be performed
unless you have permission to do so. These videos are to be performed
within a virtual lab for ethical hacking education only. I am not responsible for any misuse, damages, and or loss of data due to misuse of this information.
Awesome! Thank you so much!
really good video!
very useful!! I'm doing my lab and I was stuck with some stderr. wasn't sure what to do next, I've tried set manual payload, but with no luck, and thanks to your advice to try other payloads it actually worked. so, you've made my day. thanks very much!!!
Glad it helped!
thank you so much for this!!! It seems entering a payload wasn`t always required for this module and has really confused why the exploit didn't run like the guides from earlier years showed
You’re welcome!
Awesome! Great Editing!
Thank you!
That was awesome! So helpful! Thanks!
Very good video. Anyway I would thank you really much if you can explain the Python script part by part because I want to understand how exactly this RCE is made of, didn’t found in the internet a full explanation of the vulnerability
Nice video. It would have been more useful if you could show how to escalate daemon's privileges to become root.
Is it possible to use Ubuntu 20 instead of Metasploitable2?
Sure, If you could install DistCC on it
@@officialexploitacademy I get an error saying exploit failed, connection refused. Could it be because I only installed distcc on the machine that is being attacked? Do I have to set up distcc for this exploit to work?
@@kamillorek6159 well it has to be the same version of DistCC and of course it has to be up and running to receive the exploit
@@officialexploitacademy Another question, do you have any solution to this exploit to stop it from working?
@@kamillorek6159 update DistCC. You shouldn’t be using this version, it’s severely outdated