What is so importatn about version numbers anyway?

Viewing 6 reply threads
  • Author
    Posts
    • #8819
      The New LT72884
      Participant

      Ello all. I have an odd question. I was watching a video on how to do the de-ice lvl 1.110 challenge because i am having issues with the image working correctly in vmplayer. However, i did not watch any of the actual how to. i just watched up to a point to ensure i wasnt crazy. Here is my odd question.

      He/she performs a ncat 192.168.1.110 21 and the following shows up:

      vsFTPd2.0.4

      he/she then states that this is important to know

      then ncat 192.168.1.110 22:

      OPENSSH_4.x

      ncat 192.168.1.110 80:

      Allows: Get,Post,Options,Head,Trace

      So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?

      Thanks

    • #54182
      The New LT72884
      Participant

      I also googled the version numbers and not finding out what is so great about them haha

    • #54183
      m0wgli
      Participant

      @The New LT72884 wrote:

      So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?

      IIRC, service version is not important (for determining possible exploits), it’s that those services are available to connect to.

    • #54184
      hayabusa
      Participant

      As mowgli noted, in this case, the key importance is in that you know the services are there.

      The version IS important to grab, as a habit, though, where you can, as often times that’ll lead you to a known exploit vector, etc.

    • #54185
      The New LT72884
      Participant

      Interesting. ok that makes more sense to me. I know that they are available to connect to, but the only problem is… how can i connect if i have no user name or password. I wish ftp was like routers where there was a basic log in like admin admin haha.

      I do not want to watch the movie or askfor spoilers AT ALL!!! so please dont tell me any. I just dont no exactly where to look or research in my books. haha

      thansk much and ill keep this thread open in case i run into an issue

    • #54186
      The New LT72884
      Participant

      ok, so after like a 30 second exhausting, tiring google search, i discovered that there are 2 default usernames… ftp or anonymous with no password. this is used for most public servers according to microsoft and iis. it just “allows” “basic” options. so lets see if this server allows default username. dun dun dun. if it does, then ill browse around and be like “i have no idea what im looking for” hahaha

    • #54187
      cyber.spirit
      Participant

      The first phase of hacking is information gathering
      the information that you collect will be useful during
      other phases of hacking for exploiting and password crack
      social engineering and etc.

      in order to exploit a service you need to know 3 things about your target:
      1- The Operating system and it’s version (Windows server 2008 r2 for example)
      2- The server’s version for example IIS 7.5 (your answer is here!!)
      3- the patch level of the server

      Some exploits can be launched only for vsFTPd2.0.4 (for example)
      and other exploits can only be launched for vsFTPd2.0.1 so knowing the version i REALLY important!

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?