LINUX - DISTCC
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdILQr0YsQGzim2PTreXpn2_OjUL_SwAzlaVhM80gs0rAYWgkPcecA_1C-8F5ZbQ8KD5Ze1DDb2MENReFj7wziohiDMJcZTKd3-DihKi7APVUP5o16KIr_zeJmf6JYFG3VF467uaxb1oeW/s1600/M2_LAYOUT.jpg)
- distcc is a program to distribute compilation or builds of C, C++, Objective C or Objective C++ code across several machines on a network. Metasploit provides an exploit to take control of a system running distcc:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLzW6sBnd7NyRV3LvgODb6ord-woVQNRqzs8ZjH9-0shb2TDLSXU3oRqOoxYC1MSXhl3Sj7Yjik_991fz_GnWgRQGUCd36cYt7fzl5OVeuWf4FdnC12ugj6ehuVB9-Or2ONsJNsjllP8Vi/s1600/screenshot.1.jpg)
- The payload cmd/unix/reverse triggers a reverse shell connection:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFH2U7EcHpDTyOPjhgr53hvl2DRg20inukDgJa_lQe8GjDSFfXf_oVFFQ0IuM3ZOzJHzOAkv_j5s-0Hmiw_xxWOgtstnp5WV2qC5VSRpERfjGAoBzv8PaygaSm1Bxq_F2e9JbgUOZgXzjA/s1600/screenshot.2.jpg)
- Required options are remote and local hosts:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8uyVFt7Pq22xHYtv8YWIAhYdp7XbC7v-OjHtiLdQxGXrP1IbYxnj-GkRG_qCUyXJSlzy1d7YBFn1na536fu8GTFWPVCjR4Wy4UiuKfx1y_v8rHLXlqmqfRfg3j0ttOINFyu_elzwLku0_/s1600/screenshot.3.jpg)
- Setting RHOST (victim) and LHOST (attacker):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGehPZ3FFHEqi2vUXaNgHzyNGz4_XxIueED4oWc3wFavVbOO5A0AFWev6v80P9EOXw7JECARXFBPdywOlcdjPQjMAF0lz01J8Z9elVNX3iKxA3rhxqlqZ4vqCCZEPutzo4W4frEiYgRzbZ/s1600/screenshot.4.jpg)
- Launching the exploit, the result is a remote shell on the victim:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiavxHUmzYPw9GR3H4pLyyB1jCSboKb_XXjibffTJTlUERLEb8Iy4ERDGNGKexhXtvEdEHRCHhDfHRTE9C0Nx3AcaKZdx7KwO2HGB5zADXMgIUd2_aS-cduFmZPN0fnIdbEkgwNby0LJ57p/s1600/screenshot.5.jpg)