Metasploit mailing list archives
Old versions of vulnerable softwares
From: rhyskidd at gmail.com (Rhys Kidd)
Date: Mon, 10 Jul 2006 20:27:31 +0800
Whenever I'm faced with the requirement to get old versions, or separate copies of software for analysis, there are 3 steps that nearly always work: 1. ftp.somecorp.com - The number of vendors who still provide a generic anonymous FTP location is huge. Not only will it most likely have old builds, arranged neatly, the folder structure will also have manuals, and best-practice install guides which are good to ensure a vulnerability is present in the default, common install base. Bonus points if you find their international sites also have a ftp.somecorp.notinuk If you do happen to find sensitive developer docs here be nice and let them know. Most don't realise what 'anonymous' access is. 2. Trawl the site for any download links (Google's inurl: is awesome) and then chop back through the path if they have Directory Listing enabled. 3. Find the nomenclature used by the vendor to name the installers. Based on this just search for the likely names of old copies, many /pub locations won't have been updated to the latest copy. This works for everything from iTunes to IOS. Generic sites like oldversion.com are still very useful tools, but going straight to the source will provide more results, and results you can trust much better. - R -----Original Message----- From: Adli Abdul Wahid [mailto:adli.wahid at gmail.com] Sent: Monday, 10 July 2006 4:50 PM To: framework at metasploit.com Subject: Re: [framework] Old versions of vulnerable softwares On 7/10/06, Jerome Athias <jerome.athias at free.fr> wrote:
Hi, it's often difficult to find old versions of vulnerable softwares it's usefull to have these old versions to test an exploit module, add
You can also find some old apps here: http://www.oldversion.com and http://www.oldapps.com . - Adli --
Current thread:
- Old versions of vulnerable softwares Jerome Athias (Jul 10)
- Old versions of vulnerable softwares Adli Abdul Wahid (Jul 10)
- Old versions of vulnerable softwares Rhys Kidd (Jul 10)
- Old versions of vulnerable softwares Brandon Foley (Jul 10)
- Old versions of vulnerable softwares Adli Abdul Wahid (Jul 10)