Thread: finger exploits

  1. #1

    finger exploits

    Can a finger buffer overflow exploit be run only from a command line, telnet/ssh etc.? Or does it actually run from entering
    "finger @here.com <insert overflow here?>"

    On this server there is no sort of "finger log" that I can find; however, ssh is not running. Therefore my thinking is this machine could not have been rooted from this exploit.

  2. #2

    Cool v1.0

    Hmm? I think I was talking to someone about this a very long time ago on another site, but I can't really remember too much about it. So in a nutshell, it depends on the version of the program. What I mean by that is different versions of programs have different exploits, so type in the version of finger or telnet you are testing "heh lol testing" in Google and I am sure all kinds of things will come up??? That's all I know...

  3. #3

    Re: finger exploits

    Originally posted here by AngryBob
    Can a finger buffer overflow exploit be run only from a command line, telnet/ssh etc.? Or does it actually run from entering
    "finger @here.com <insert overflow here?>"

    On this server there is no sort of "finger log" that I can find; however, ssh is not running. Therefore my thinking is this machine could not have been rooted from this exploit.

    It depends on if it's running as a service or only locally. Many systems still enable finger by default, out of the box. A typical buffer overflow is basically handing an application more information than it's ready (or willing) to handle (and yes, that is very, very, very basic information WRT overflows - there's a bit more to it than just that, but that's enough of a premise to help explain, I think).

    And, not sure at what level finger syslogs, if at all. You can try creating a debug level syslog of all facilities and using it... my guess is that you'll only see inetd or xinetd or equivalent log the connection, but finger won't tell you what was sent to it (though a honeypot to do such is simple enough).

    In /etc/syslog.conf, you'll need something like:

    Code:
    # selector and log file are separated by a tab
    *.debug	/var/log/debug

    Do a "touch" on /var/log/debug, then kill -HUP syslog and you should have a log started. You might remember to remove that entry, the log, and re-HUP syslog when you're done to make sure you don't inadvertently fill up your disk.

    Hope that helps a little!
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
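
The reply above notes that inetd/xinetd will log only the connection, and that a honeypot recording what was actually sent to the finger port is simple to build. A minimal version of such a logger follows, as an added example that is not part of the original thread; the function names, the 512-byte threshold and the log file name are assumptions chosen for illustration.

```python
import logging
import socket

MAX_QUERY = 512      # assumed threshold; real finger queries are one short line
READ_LIMIT = 4096    # cap on bytes kept per connection

log = logging.getLogger("finger-honeypot")

def classify_request(data: bytes) -> dict:
    """Summarise one finger query (RFC 1288: a single line ending in CRLF)."""
    line = data.split(b"\n", 1)[0].rstrip(b"\r")
    flags = []
    if b"\n" not in data:
        flags.append("no-line-terminator")
    if len(line) > MAX_QUERY:
        flags.append("oversize")
    if any(b < 0x20 or b > 0x7E for b in line):
        flags.append("non-printable")
    if b"@" in line:
        flags.append("forwarding")  # user@host relay request
    return {"length": len(data), "flags": flags, "preview": line[:64].hex()}

def handle_client(conn: socket.socket, peer: str) -> dict:
    """Read what the client sent, log it, and close without answering."""
    conn.settimeout(5)
    data = b""
    try:
        while len(data) < READ_LIMIT and b"\n" not in data:
            chunk = conn.recv(READ_LIMIT - len(data))
            if not chunk:
                break
            data += chunk
    except socket.timeout:
        pass
    finally:
        conn.close()
    info = classify_request(data)
    log.warning("finger query from %s: %s", peer, info)
    return info

def serve(host: str = "0.0.0.0", port: int = 79) -> None:
    """Accept connections forever; binding port 79 needs privileges."""
    logging.basicConfig(filename="finger-queries.log", level=logging.INFO,
                        format="%(asctime)s %(message)s")
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            handle_client(conn, addr[0])

if __name__ == "__main__":
    serve()
```

Run it in place of the real finger service (disable the inetd/xinetd entry first so port 79 is free); each logged record carries the request length, the flags and a hex preview of the first 64 bytes.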
