Question about service version on Lame

Hey everybody, having some trouble with Lame.

After trying for a bit and getting the user flag another way, I read some write ups and they all seem to hinge on finding a public exploit for the specific version of “Brazilian dance” you find during a scan. However, my scans only provide a range of possible versions for both relevant ports (3.X - 4.X). I’ve tried updating and running nmap a few different ways, and connecting with a client with no credentials and watching the traffic (couldn’t connect).

Now having read write ups I know the exploit to use, but I don’t see how I could arrive at such an exploit with the information I have - the write ups showed scans yielding a specific version. I’m wondering if something with the machine or service has changed to not give up its version. I tried scanning both from my VM and from HTB pwnbox so I don’t think its a config issue on my end, but who knows.

I can give more details, just didn’t want to spoil anything.

@b00tch0mpins, try running an nmap scan with the -A option, just replace the port number with the one in question :

nmap -T4 -p xxx -A

You should see the specific version number in the results.