When practicing various exploit and penetration techniques I often find myself needing to yum list available versions. Previously disclosed vulnerabilities are a great way to practice your skills as a penetration tester. However, most known vulnerabilities are often patched in more recent versions of the software meaning you will need to first install the correct version of the software you are attempting to test.
The foohickey vulnerability in baz-3.4.2-14.1 may have been patched, and now your package manager seems to only want to install baz-3.4.3-1.1.
Before diving in and attempting to build the version needed from source check your package manager. A package with the correct version may already exist.
Conveniently YUM has a flag that allows you to show more results than a normal yum search.
yum search --showduplicates
With this flag YUM will show additional versions of packages available for installation.
After identifying which package you would like to install you can install it with the following command.
yum install <package>-<version>
I hope that this tiny little flag will save you some time building from source. You can now use yum to list available versions of all packages.
It is important to remember that even with this flag, YUM will still only show packages that are available in the configured repositories. This means that you may have to install or enable the repository first.
Do you have any YUM tricks of the trade you want to share? Drop a line below!
Interested in penetration testing and cybersecurity? You may enjoy my article on Open Source Intelligence.