What is so importatn about version numbers anyway?

This topic contains 6 replies, has 4 voices, and was last updated by  cyber.spirit 4 years, 2 months ago.

  • Author
    Posts
  • #8819
     The New LT72884 
    Participant

    Ello all. I have an odd question. I was watching a video on how to do the de-ice lvl 1.110 challenge because i am having issues with the image working correctly in vmplayer. However, i did not watch any of the actual how to. i just watched up to a point to ensure i wasnt crazy. Here is my odd question.

    He/she performs a ncat 192.168.1.110 21 and the following shows up:

    vsFTPd2.0.4

    he/she then states that this is important to know

    then ncat 192.168.1.110 22:

    OPENSSH_4.x

    ncat 192.168.1.110 80:

    Allows: Get,Post,Options,Head,Trace

    So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?

    Thanks

  • #54182
     The New LT72884 
    Participant

    I also googled the version numbers and not finding out what is so great about them haha

  • #54183
     m0wgli 
    Participant

    @The New LT72884 wrote:

    So why is it so vital to know that the server is running vsFTPd2.0.4 or openssh?? to me its just saying that it has ftp and ssh on it. no big deal? what is it about those versions im not aware of?

    IIRC, service version is not important (for determining possible exploits), it’s that those services are available to connect to.

  • #54184
     hayabusa 
    Participant

    As mowgli noted, in this case, the key importance is in that you know the services are there.

    The version IS important to grab, as a habit, though, where you can, as often times that’ll lead you to a known exploit vector, etc.

  • #54185
     The New LT72884 
    Participant

    Interesting. ok that makes more sense to me. I know that they are available to connect to, but the only problem is… how can i connect if i have no user name or password. I wish ftp was like routers where there was a basic log in like admin admin haha.

    I do not want to watch the movie or askfor spoilers AT ALL!!! so please dont tell me any. I just dont no exactly where to look or research in my books. haha

    thansk much and ill keep this thread open in case i run into an issue

  • #54186
     The New LT72884 
    Participant

    ok, so after like a 30 second exhausting, tiring google search, i discovered that there are 2 default usernames… ftp or anonymous with no password. this is used for most public servers according to microsoft and iis. it just “allows” “basic” options. so lets see if this server allows default username. dun dun dun. if it does, then ill browse around and be like “i have no idea what im looking for” hahaha

  • #54187
     cyber.spirit 
    Participant

    The first phase of hacking is information gathering
    the information that you collect will be useful during
    other phases of hacking for exploiting and password crack
    social engineering and etc.

    in order to exploit a service you need to know 3 things about your target:
    1- The Operating system and it’s version (Windows server 2008 r2 for example)
    2- The server’s version for example IIS 7.5 (your answer is here!!)
    3- the patch level of the server

    Some exploits can be launched only for vsFTPd2.0.4 (for example)
    and other exploits can only be launched for vsFTPd2.0.1 so knowing the version i REALLY important!

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?