Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Where do you find outdated services

From: thegnome at nmrc.org (Simple Nomad)
Date: Fri, 31 Mar 2006 15:44:51 -0600
On Friday 31 March 2006 15:10, H D Moore wrote:

There isn't a good answer to this. I keep a few external drives full of
evaluation software, but often resort to google searches to turn up old
software versions. The basic idea is to figure out the name of the
installer file, then throw some searches out, make a guess based on the
last modified date, and eventually install the different copies into a VM
to verify the versions.

If the vendor doesn't provide evaluation versions, you are out of luck
unless you can find old copies of the physical media. If you are really
desperate, you can often find old media for sale on eBay. Whether you are
legally allowed to install and use software you obtain this way is
another issue entirely. I picked up all of my old Solaris media off eBay
for less than $30 USD.


Sometimes a vendor will leave old copies of the program in the same directory 
as the new one. Between Google and carefully watching where you are 
downloading the "new" version from, sometimes you can find the old files 
especially if it is freeware. That is, if the new file downloads as 
http://someurl.com/files/bobsftpserver221.tgz and the old version was 2.20, 
it should be obvious what to try,

Also if the program is freeware or shareware, many of those annoying sites 
that house nothing but freeware surrounded by tons of ads will often leave 
multiple copies of older versions around.

If you are involved in security research, write to the company and ask for a 
copy of the old version for testing purposes. This is kind of a plan C 
approach, but when the boss wants a vulnerability scan written that detects 
the old version, it doesn't hurt to ask. It helps to do it from your work 
account instead of your evil hacker alias mail account, btw....

-SN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060331/60cd681c/attachment.pgp>
Previous By Date Next
Previous By Thread Next

Current thread: