- This topic has 6 replies, 4 voices, and was last updated 5 years, 8 months ago by
cyber.spirit.
-
AuthorPosts
-
-
June 10, 2015 at 5:00 pm #8819
The New LT72884
ParticipantEllo all. I have an odd question. I was watching a video on how to do the de-ice lvl 1.110 challenge because i am having issues with the image working correctly in vmplayer. However, i did not watch any of the actual how to. i just watched up to a point to ensure i wasnt crazy. Here is my odd question.
He/she performs a ncat 192.168.1.110 21 and the following shows up:
vsFTPd2.0.4
he/she then states that this is important to know
then ncat 192.168.1.110 22:
OPENSSH_4.x
ncat 192.168.1.110 80:
Allows: Get,Post,Options,Head,Trace
So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?
Thanks
-
June 10, 2015 at 5:01 pm #54182
The New LT72884
ParticipantI also googled the version numbers and not finding out what is so great about them haha
-
June 10, 2015 at 8:18 pm #54183
m0wgli
Participant@The New LT72884 wrote:
So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?
IIRC, service version is not important (for determining possible exploits), it’s that those services are available to connect to.
-
June 10, 2015 at 8:31 pm #54184
hayabusa
ParticipantAs mowgli noted, in this case, the key importance is in that you know the services are there.
The version IS important to grab, as a habit, though, where you can, as often times that’ll lead you to a known exploit vector, etc.
-
June 11, 2015 at 3:04 am #54185
The New LT72884
ParticipantInteresting. ok that makes more sense to me. I know that they are available to connect to, but the only problem is… how can i connect if i have no user name or password. I wish ftp was like routers where there was a basic log in like admin admin haha.
I do not want to watch the movie or askfor spoilers AT ALL!!! so please dont tell me any. I just dont no exactly where to look or research in my books. haha
thansk much and ill keep this thread open in case i run into an issue
-
June 11, 2015 at 3:29 am #54186
The New LT72884
Participantok, so after like a 30 second exhausting, tiring google search, i discovered that there are 2 default usernames… ftp or anonymous with no password. this is used for most public servers according to microsoft and iis. it just “allows” “basic” options. so lets see if this server allows default username. dun dun dun. if it does, then ill browse around and be like “i have no idea what im looking for” hahaha
-
July 7, 2015 at 11:48 am #54187
cyber.spirit
ParticipantThe first phase of hacking is information gathering
the information that you collect will be useful during
other phases of hacking for exploiting and password crack
social engineering and etc.in order to exploit a service you need to know 3 things about your target:
1- The Operating system and it’s version (Windows server 2008 r2 for example)
2- The server’s version for example IIS 7.5 (your answer is here!!)
3- the patch level of the serverSome exploits can be launched only for vsFTPd2.0.4 (for example)
and other exploits can only be launched for vsFTPd2.0.1 so knowing the version i REALLY important!
-
-
AuthorPosts
- You must be logged in to reply to this topic.