Metasploit mailing list archives
Where do you find outdated services
From: thegnome at nmrc.org (Simple Nomad)
Date: Fri, 31 Mar 2006 15:44:51 -0600
On Friday 31 March 2006 15:10, H D Moore wrote:
There isn't a good answer to this. I keep a few external drives full of evaluation software, but often resort to google searches to turn up old software versions. The basic idea is to figure out the name of the installer file, then throw some searches out, make a guess based on the last modified date, and eventually install the different copies into a VM to verify the versions. If the vendor doesn't provide evaluation versions, you are out of luck unless you can find old copies of the physical media. If you are really desperate, you can often find old media for sale on eBay. Whether you are legally allowed to install and use software you obtain this way is another issue entirely. I picked up all of my old Solaris media off eBay for less than $30 USD.
Sometimes a vendor will leave old copies of the program in the same directory as the new one. Between Google and carefully watching where you are downloading the "new" version from, sometimes you can find the old files especially if it is freeware. That is, if the new file downloads as http://someurl.com/files/bobsftpserver221.tgz and the old version was 2.20, it should be obvious what to try, Also if the program is freeware or shareware, many of those annoying sites that house nothing but freeware surrounded by tons of ads will often leave multiple copies of older versions around. If you are involved in security research, write to the company and ask for a copy of the old version for testing purposes. This is kind of a plan C approach, but when the boss wants a vulnerability scan written that detects the old version, it doesn't hurt to ask. It helps to do it from your work account instead of your evil hacker alias mail account, btw.... -SN -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060331/60cd681c/attachment.pgp>
Current thread:
- Where do you find outdated services Dame Krapchev (Mar 31)
- Where do you find outdated services H D Moore (Mar 31)
- Where do you find outdated services Simple Nomad (Mar 31)
- Where do you find outdated services H D Moore (Mar 31)