Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Finger

  1. #1
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724

    Finger

    About 3-4 months ago, I posted a thread asking questions about the FINGER DAEMON. Now, I seem to have been able to communicate with it. I get this responce when I give a valid FINGER: username.

    ----======**************************************=======-----
    Finger Client Responces to Generated Usernames.
    ----======**************************************=======-----
    Finger Username:John
    login :cunniffe
    Directory: /usr4/home/cunniffe
    logged in from 204.56.**.**
    Shell: /bin/sh

    Login: hintog
    Directory: /usr/home/hintog
    Shell: /bin/sh

    Finger Username:Test
    Login:ns20198
    Directory: /dev/null
    Shell:/user/local/bin/pop


    Can someone let me know what service(Telnet, FTP, WINVPN, ect...)these usernames are for.
    I suppose i could use the process of elimination but, if my cousin finds out what I am doing he could change the config, and force me to start over.


    PS. Dont spaz, I am doing a security check for My cousin Robert. At the fathersday thing we had, he was ranting about how secure his network is blah blah blah...so I challenged him.
    Hey, could land me a job..
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  2. #2
    I was going to actually post a thread named "Finger" because I need to better understand it, but can someone explain to me what it is used for and what it does?

  3. #3
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Well from what I can tell, it shows who has logged in to the server. Where from, ect... I honestly don't see any good in the FINGER daemon. It seems to just be a big ass security hole. Really, its all foggy, so I dont really know yet.


    *Patiently waits for someone to clear the air.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    One can also finger an IP addy to then find out user name, ISP etc. That is how I used it in the past, to see who an unknown was. Try using an IP address, from what I see in your post it is a valid user name and the pl/sh neams it is secure if I can recall enough of my unix from the past.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Oh small note and I believe it is no longer supported but from a IP address one used to be able to then finger to get a valid email address, but was a security risk. Why it is not supported in most cases from outside in.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  6. #6
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Dr Toker> What OS are you using? RH 4.x or something?
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  7. #7
    How would I go about using FINGER? Is there a program that use's finger or is there a dos command?

  8. #8
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    JC > Finger is a DOS/*nix command.

    AJ

  9. #9
    Um.. Thanks, What is the command though?

  10. #10
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    From the DOS command prompt:

    "[Finger] Displays information about a user on a specified system running the
    Finger service. Output varies based on the remote system.

    FINGER [-l] [user]@host [...]

    -l Displays information in long list format.
    user Specifies the user you want information about. Omit the user
    parameter to display information about all users on the
    specifed host.
    @host Specifies the server on the remote system whose users you
    want information about."

    I would post the *nix equivalent, but the man page is way too long... if you need it, PM me and I can send it to you in a text file.

    AJ

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •