how to finger a user via telnet
Results 1 to 7 of 7

Thread: how to finger a user via telnet

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    3

    how to finger a user via telnet

    Hacking. The word conjures up evil computer geniuses plotting the downfall
    of civilization while squirreling away billions in electronically stolen
    funds in an Antigua bank.

    But I define hacking as taking a playful, adventurous approach to computers.
    Hackers don't go by the book. We fool around and try odd things, and when we
    stumble across something entertaining we tell our friends about it. Some of
    us may be crooks, but more often we are good guys, or at least harmless.

    Furthermore, hacking is surprisingly easy. I'll give you a chance to prove
    it to yourself, today!

    But regardless of why you want to be a hacker, it is definitely a way to
    have fun, impress your buddies, and get dates. If you are a female hacker
    you become totally irresistible to all men. Take my word for it!;^D

    This column can become your gateway into this world. In fact, after reading
    just this first Guide to (mostly) Harmless Hacking, you will be able to pull
    off a stunt that will impress the average guy or gal unlucky^H^H^H^H^H^H^H
    fortunate enough to get collared by you at a party.

    So what do you need to become a hacker? Before I tell you, however, I am
    going to subject you to a rant.

    Have you ever posted a message to a news group or email list devoted to
    hacking? You said something like "What do I need to become a hacker?" right?
    Betcha you won't try *that* again!

    It gives you an education in what "flame" means, right?

    Yes, some of these 3l1te types like to flame the newbies. They act like they
    were born clutching a Unix manual in one hand and a TCP/IP specification
    document in the other and anyone who knows less is scum.

    *********************
    Newbie note: 3l1t3, 31337, etc. all mean "elite." The idea is to take either
    the word "elite" or "eleet" and substitute numbers for some or all the
    letters. We also like zs. Hacker d00dz do this sor7 of th1ng l0tz.
    ********************

    Now maybe you were making a sincere call for help. But there is a reason
    many hackers are quick to flame strangers who ask for help.

    What we worry about is the kind of guy who says, "I want to become a hacker.
    But I *don't* want to learn programming and operating systems. Gimme some
    passwords, d00dz! Yeah, and credit card numbers!!!"

    Honest, I have seen this sort of post in hacker groups. Post something like
    this and you are likely to wake up the next morning to discover your email
    box filled with 3,000 messages from email discussion groups on agricultural
    irrigation, proctology, collectors of Franklin Mint doo-dads, etc. Etc.,
    etc., etc....arrrgghhhh!

    The reason we worry about wannabe hackers is that it is possible to break
    into other people's computers and do serious damage even if you are almost
    totally ignorant.

    How can a clueless newbie trash other people's computers? Easy. There are
    public FTP and Web sites on the Internet that offer canned hacking programs.

    Thanks to these canned tools, many of the "hackers" you read about getting
    busted are in fact clueless newbies.

    This column will teach you how to do real, yet legal and harmless hacking,
    without resorting to these hacking tools. But I won't teach you how to harm
    other people's computers. Or even how to break in where you don't belong.

    ******************************
    You can go to jail tip: Even if you do no harm, if you break into a portion
    of a computer that is not open to the public, you have committed a crime. If
    you telnet across a state line to break in, you have committed a federal felony.
    *************************************

    I will focus on hacking the Internet. The reason is that each computer on
    the Internet has some sort of public connections with the rest of the Net.
    What this means is that if you use the right commands, you can *legally*
    access these computers.

    That, of course, is what you already do when you visit a Web site. But I
    will show you how to access and use Internet host computers in ways that
    most people didn't know were possible. Furthermore, these are *fun* hacks.

    In fact, soon you will be learning hacks that shed light on how other people
    (Not you, right? Promise?) may crack into the non-public parts of hosts. And
    -- these are hacks that anyone can do.

    But, there is one thing you really need to get. It will make hacking
    infinitely easier:

    A SHELL ACCOUNT!!!!

    A "shell account" is an Internet account in which your computer becomes a
    terminal of one of your ISP's host computers. Once you are in the "shell"
    you can give commands to the Unix operating system just like you were
    sitting there in front of one of your ISP's hosts.

    Warning: the tech support person at your ISP may tell you that you have a
    "shell account" when you really don't. Many ISPs don't really like shell
    accounts, either. Guess why? If you don't have a shell account, you can't hack!

    But you can easily tell if it is a real shell account. First, you should use
    a "terminal emulation program" to log on. You will need a program that
    allows you to imitate a VT 100 terminal. If you have Windows 3.1 or Windows
    95, a VT 100 terminal program is included as one of your accessory program.

    Any good ISP will allow you to try it out for a few days with a guest
    account. Get one and then try out a few Unix commands to make sure it is
    really a shell account.

    You don't know Unix? If you are serious about understanding hacking, you'll
    need some good reference books. No, I don't mean the kind with breathless
    titles like "Secrets of Super hacker." I've bought too many of that kind of
    book. They are full of hot air and thin on how-to. Serious hackers study
    books on:
    a) Unix. I like "The Unix Companion" by Harley Hahn.
    b) Shells. I like "Learning the Bash Shell" by Cameron Newham and Bill
    Rosenblatt. A "shell" is the command interface between you and the Unix
    operating system.
    c) TCP/IP, which is the set of protocols that make the Internet work. I
    like "TCP/IP for Dummies" by Marshall Wilensky and Candace Leiden.

    OK, rant is over. Time to hack!

    How would you like to start your hacking career with one of the simplest,
    yet potentially hairy, hacks of the Internet? Here it comes: telnet to a
    finger port.

    Have you ever used the finger command before? Finger will sometimes tell you
    a bunch of stuff about other people on the Internet. Normally you would just
    enter the command:

    finger Joe_Schmoe@Fubar.com

    But instead of Joe Schmoe, you put in the email address of someone you would
    like to check out. For example, my email address is cmeinel@techbroker.com.
    So to finger me, give the command:

    finger cmeinel@techbroker.com

    Now this command may tell you something, or it may fail with a message such
    as "access denied."

    But there is a more elite way to finger people. You can give the command:

    telnet llama.swcp.com 79

    What this command has just done is let you get on a computer with an
    Internet address of llama.swcp.com through its port 79 -- without giving it
    a password.

    But the program that llama and many other Internet hosts are running will
    usually allow you to give only ONE command before automatically closing the
    connection. Make that command:

    cmeinel

    This will tell you a hacker secret about why port 79 and its finger programs
    are way more significant than you might think. Or, heck, maybe something
    else if the friendly neighborhood hacker is still planting insulting
    messages in my files.

    Now, for an extra hacking bonus, try telnetting to some other ports. For
    example:

    telnet kitsune.swcp.com 13

    That will give you the time and date here in New Mexico, and:

    telnet slug.swcp.com 19

    Will show you a good time!

    OK, I'm signing off for this column. And I promise to tell you more about
    what the big deal is over telnetting to finger -- but later. Happy hacking!
    pakna
    Share on Google+

  2. #2
    Junior Member
    Join Date
    Oct 2004
    Posts
    3
    How would you like to totally blow away your friends? OK, what is the
    hairiest thing you hear that super hackers do?

    It's gaining unauthorized access to a computer, right?

    So how would you like to be able to gain access and run a program on the
    almost any of the millions of computers hooked up to the Internet? How would
    you like to access these Internet computers in the same way as the most
    notorious hacker in history: Robert Morris!

    It was his "Morris Worm" which took down the Internet in 1990. Of course,
    the flaw he exploited to fill up 10% of the computers on the Internet with
    his self-mailing virus has been fixed now -- on most Internet hosts.

    But that same feature of the Internet still has lots of fun and games and
    bugs left in it. In fact, what we are about to learn is the first step of
    several of the most common ways that hackers break into private areas of
    unsuspecting computers.

    But I'm not going to teach you to break into private parts of computers. It
    sounds too sleazy. Besides, I am allergic to jail.

    So what you are about to learn is legal, harmless, yet still lots of fun. No
    pulling the blinds and swearing blood oaths among your buddies who will
    witness you doing this hack.

    But -- to do this hack, you need an on-line service which allows you to
    telnet to a specific port on an Internet host. Netcom, for example, will let
    you get away with this.

    But Compuserve, America Online and many other Internet Service Providers
    (ISPs) are such good nannies that they will shelter you from this temptation.

    But your best way to do this stuph is with a SHELL ACCOUNT! If you don't
    have one yet, get it now!

    ***********************************
    Newbie note #1; A shell account is an Internet account that lets you give
    Unix commands. Unix is a lot like DOS. You get a prompt on your screen and
    type out commands. Unix is the language of the Internet. If you want to be
    a serious hacker, you have to learn Unix.
    ****************************

    Even if you have never telnetted before, this hack is super simple. In fact,
    even though what you are about to learn will look like hacking of the most
    heroic sort, you can master it in half an hour -- or less. And you only need
    to memorize *two* commands.

    To find out whether your Internet service provider will let you do this
    stuph, try this command:

    telnet callisto.unm.edu 25

    This is a computer at the University of New Mexico. My Compuserve account
    gets the vapors when I try this. It simply crashes out of telnet without so
    much as a "tsk, tsk."

    But at least today Netcom will let me do this command. And just about any
    cheap "shell account" offered by a fly-by-night Internet service provider
    will let you do this. Many college accounts will let you get away with this,
    too.

    ******************************
    Newbie note #2: How to Get Shell Accounts

    Try your yellow pages phone book. Look under Internet. Call and ask for a
    "shell account."

    They'll usually say, "Sure, can do." But lots of times they are lying. They
    think you are too dumb to know what a real shell account is. Or the
    underpaid person you talk with doesn't have a clue.

    The way around this is to ask for a free temporary guest account. Any
    worthwhile ISP will give you a test drive. Then try out today's hack.
    *******************************

    OK, let's assume that you have an account that lets you telnet someplace
    serious. So let's get back to this command:

    telnet callisto.unm.edu 25

    If you have ever done telnet before, you probably just put in the name of
    the computer you planned to visit, but didn't add in any numbers afterward.
    But those numbers afterward are what makes the first distinction between the
    good, boring Internet citizen and someone slaloming down the slippery slope
    of hackerdom.

    What that 25 means is that you are commanding telnet to take you to a
    specific port on your intended victim, er, computer.

    ***********************************
    Newbie note #3: Ports
    A computer port is a place where information goes in or out of it. On your
    home computer, examples of ports are your monitor, which sends information
    out, your keyboard and mouse, which send information in, and your modem,
    which sends information both out and in.

    But an Internet host computer such as callisto.unm.edu has many more ports
    than a typical home computer. These ports are identified by numbers. Now
    these are not all physical ports, like a keyboard or RS232 serial port (for
    your modem). They are virtual (software) ports.
    ***********************************

    But there is phun in that port 25. Incredible phun. You see, whenever you
    telnet to a computer's port 25, you will get one of two results: once in
    awhile, a message saying "access denied" as you hit a firewall. But, more
    often than not, you get something like this:

    Trying 129.24.96.10...
    Connected to callisto.unm.edu.
    Escape character is '^]'.
    220 callisto.unm.edu Smail3.1.28.1 #41 ready at Fri, 12 Jul 96 12:17 MDT

    Hey, get a look at this! It didn't ask us to log in. It just says...ready!

    Notice it is running Smail3.1.28.1, a program used to compose and send email.

    Ohmigosh, what do we do now? Well, if you really want to look sophisticated,
    the next thing you do is ask callisto.unm.edu to tell you what commands you
    can use. In general, when you get on a strange computer, at least one of
    three commands will get you information: "help," "?", or "man." In this case
    I type in:

    help

    ... and this is what I get

    250 The following SMTP commands are recognized:
    250
    250 HELO hostname startup and give your hostname
    250 MAIL FROM:<sender address> start transaction from sender
    250 RCPT TO:<recipient address> name recipient for message
    250 VRFY <address> verify deliverability of address
    250 EXPN <address> expand mailing list address
    250 DATA start text of mail message
    250 RSET reset state, drop transaction
    250 NOOP do nothing
    250 DEBUG [level] set debugging level,default 1
    250 HELP produce this help message
    250 QUIT close SMTP connection
    250
    250 The normal sequence of events in sending a message is to state the
    250 sender address with a MAIL FROM command, give the recipients with
    250 as many RCPT TO commands as are required (one address per command)
    250 and then to specify the mail message text after the DATA command.
    250 Multiple messages may be specified. End the last one with a QUIT.

    Getting this list of commands is pretty nifty. It makes you look really kewl
    because you know how to get the computer to tell you how to hack it. And it
    means that all you have to memorize is the "telnet <hostname> 25 " and
    "help" commands. For the rest, you can simply check up on the commands while
    on-line. So even if your memory is as bad as mine, you really can learn and
    memorize this hack in only half an hour. Heck, maybe half a minute.

    OK, so what do we do with these commands? Yup, you figured it out, this is a
    very, very primitive email program. And guess why you can get on it without
    logging in? Guess why it was the point of vulnerability that allowed Robert
    Morris to crash the Internet?

    Port 25 moves email from one node to the next across the Internet. It
    automatically takes incoming email and if the email doesn't belong to
    someone with an email address on that computer, it sends it on to the next
    computer on the net, eventually to wend its way to the person to who this
    email belongs.

    Oftentimes email will go directly from sender to recipient, but if you email
    to someone far away, or if the Internet is clogged with traffic, email may
    go through several computers.

    There are millions of computers on the Internet that forward email. And you
    can get access to almost any one of these computers without a password!
    Furthermore, as you will soon learn, it is easy to get the Internet
    addresses of these millions of computers.

    Some of these computers have very good security, making it hard to have
    serious fun with them. But others have very little security. One of the joys
    of hacking is exploring these computers to find ones that suit ones fancy.

    OK, so now that we are in Morris Worm country, what can we do with it? Well,
    here's what I did. (My commands have no number in front of them, whereas the
    computer's responses are prefixed by numbers.)

    helo santa@north.pole.org
    250 callisto.unm.edu Hello santa@north.pole.org
    mail from:santa@north.pole.org
    250 <santa@north.pole.org> ... Sender Okay
    rcpt to:cmeinel@nmia.com
    250 <cmeinel@nmia.com> ... Recipient Okay
    data
    354 Enter mail, end with "." on a line by itself
    It works!!!
    .
    250 Mail accepted

    What happened here is that I sent some fake email to myself. Now let's take
    a look at what I got in my mailbox, showing the complete header:

    Here's what I saw using the free version of Eudora:

    X POP3 Rcpt: cmeinel@socrates

    This line tells us that X-POP3 is the program of my ISP that received my
    email, and that my incoming email is handled by the computer Socrates.

    *****************************
    Evil Genius Tip: incoming email is handled by port 110. Try telnetting there
    someday. But usually POP, the program running on 110, won't give you help
    with its commands and boots you off the minute you make a misstep.
    *****************************

    Return Path: <santa@north.pole.org>

    This line above is my fake email address.

    Apparently From: santa@north.pole.org
    Date: Fri, 12 Jul 96 12:18 MDT

    But note that the header lines above say "Apparently-From" This is important
    because it alerts me to the fact that this is fake mail.

    Apparently To: cmeinel@nmia.com
    X Status:

    It works!!!

    Now here is an interesting fact. Different email reading programs show
    different headers. So how good your fake email is depends on part on what
    email program is used to read it. Here's what Pine, an email program that
    runs on Unix systems, shows with this same email:

    Return Path: <santa@north.pole.org>
    Received:
    from callisto.unm.edu by nmia.com
    with smtp
    (Linux Smail3.1.28.1 #4)
    id m0uemp4 000LFGC; Fri, 12 Jul 96 12:20 MDT

    This identifies the computer on which I ran the smail program. It also tells
    what version of the smail program was running.

    Apparently From: santa@north.pole.org

    And here is the "apparently-from" message again. So both Pine and Eudora
    show this is fake mail.

    Received: from santa@north.pole.org by callisto.unm.edu with smtp
    (Smail3.1.28.1 #41) id m0uemnL 0000HFC; Fri, 12 Jul 96 12:18 MDT
    Message Id: <m0uemnL 0000HFC@callisto.unm.edu>

    Oh, oh! Not only does it show that it may be fake mail -- it has a message
    ID! This means that somewhere on Callisto there will be a log of message IDs
    telling who has used port 25 and the smail program. You see, every time
    someone logs on to port 25 on that computer, their email address is left
    behind on the log along with that message ID.

    Date: Fri, 12 Jul 96 12:18 MDT
    Apparently From: santa@north.pole.com
    Apparently To: cmeinel@nmia.com

    It works!!!

    If someone were to use this email program to do a dastardly deed, that
    message ID is what will put the narcs on his or her tail. So if you want to
    fake email, it is harder to get away with it if you send it to someone using
    Pine than if they use the free version of Eudora. (You can tell what email
    program a person uses by looking at the header of their email.)

    But -- the email programs on port 25 of many Internet hosts are not as well
    defended as callisto.unm.edu. Some are better defended, and some are not
    defended at all. In fact, it is possible that some may not even keep a log
    of users of port 25, making them perfect for criminal email forgery.

    So just because you get email with perfect-looking headers doesn't mean it
    is genuine. You need some sort of encrypted verification scheme to be almost
    certain email is genuine.

    ******************************************
    You can go to jail note: If you are contemplating using fake email to commit
    a crime, think again. If you are reading this you don't know enough to forge
    email well enough to elude arrest.
    *******************************************

    Here is an example of a different email program, sendmail. This will give
    you an idea of the small variations you'll run into with this hack.

    Here's my command:

    telnet ns.Interlink.Net 25

    The computer answers:

    Trying 198.168.73.8...
    Connected to NS.INTERLINK.NET.
    Escape character is '^]'.
    220 InterLink.NET Sendmail AIX 3.2/UCB 5.64/4.03 ready at Fri, 12 Jul 1996
    15:45

    Then I tell it:

    helo santa@north.pole.org

    And it responds:

    250 InterLink.NET Hello santa@north.pole.org (plato.nmia.com)

    Oh, oh! This sendmail version isn't fooled at all! See how it puts
    "(plato.nmia.com)" -- the computer I was using for this hack -- in there
    just to let me know it knows from what computer I've telnetted? But what the
    heck, all Internet hosts know that kind of info. I'll just bull ahead and
    send fake mail anyhow. Again, my input has no numbers in front, while the
    responses of the computer are prefaced by the number 250:

    mail from:santa@north.pole.com
    250 santa@north.pole.com... Sender is valid.
    rcpt to:cmeinel@nmia.com
    250 cmeinel@nmia.com... Recipient is valid.
    data
    354 Enter mail. End with the . character on a line by itself.
    It works!
    .
    250 Ok
    quit
    221 InterLink.NET: closing the connection.

    OK, what kind of email did that computer generate? Here's what I saw using Pine:

    Return Path: <santa@north.pole.org>
    Received:
    from InterLink.NET by nmia.com
    with smtp
    (Linux Smail3.1.28.1 #4)
    id m0ueo7t 000LEKC; Fri, 12 Jul 96 13:43 MDT
    Received: from plato.nmia.com by InterLink.NET (AIX 3.2/UCB 5.64/4.03)
    id AA23900; Fri, 12 Jul 1996 15:43:20 0400

    Oops. Here the InterLink.NET computer has revealed the computer I was on
    when I telnetted to its port 25. However, many people use that Internet host
    computer.

    Date: Fri, 12 Jul 1996 15:43:20 0400
    From: santa@north.pole.org
    Message Id: <9607121943.AA23900@InterLink.NET>
    Apparently To: cmeinel@nmia.com

    It worked!

    OK, here it doesn't say "Apparently-From," so now I know the computer
    ns.Interlink.Net is a pretty good one to send fake mail from. An experienced
    email aficionado would know from the Received: line that this is fake mail.
    But its phoniness doesn't just jump out at you.

    I'm going to try another computer. Hmmm, the University of California at
    Berkeley is renowned for its computer sciences research. I wonder what their
    hosts are like? Having first looked up the numerical Internet address of one
    of their machines, I give the command:

    telnet 128.32.152.164 25

    It responds with:

    Trying 128.32.152.164...
    Connected to 128.32.152.164.
    Escape character is '^]'.
    220 remarque.berkeley.edu ESMTP Sendmail 8.7.3/1.31 ready at Thu, 11 Jul
    1996 12
    help
    214 This is Sendmail version 8.7.3
    214 Commands:
    214 HELO EHLO MAIL RCPT DATA
    214 RSET NOOP QUIT HELP VRFY
    214 EXPN VERB
    214 For more info use "HELP <topic>".
    214 To report bugs in the implementation send email to
    214 sendmail@CS.Berkeley.EDU.
    214 For local information send email to Postmaster at your site.
    214 End of HELP info

    Oh, boy, a slightly different sendmail program! I wonder what more it will
    tell me about these commands?

    HELP mail
    214 MAIL FROM: <sender>
    214 Specifies the sender.
    214 End of HELP info

    Big f***ing deal! Oh, well, let's see what this computer (which we now know
    is named remarque) will do to fake mail.

    MAIL FROM:santa@north.pole.org
    250 santa@north.pole.org... Sender ok

    Heyyy... this is interesting ... I didn't say "helo" and this sendmail
    program didn't slap me on the wrist! Wonder what that means...

    RCPT TO:cmeinel@techbroker.com
    250 Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    This is fake mail on a Berkeley computer for which I do not have a password.
    .
    250 MAA23472 Message accepted for delivery
    quit
    221 remarque.berkeley.edu closing connection

    Now we go to Pine and see what the header looks like:

    Return Path: <santa@north.pole.org>
    Received:
    from nmia.com by nmia.com
    with smtp
    (Linux Smail3.1.28.1 #4)
    id m0ueRnW 000LGiC; Thu, 11 Jul 96 13:53 MDT
    Received:
    from remarque.berkeley.edu by nmia.com
    with smtp
    (Linux Smail3.1.28.1 #4)
    id m0ueRnV 000LGhC; Thu, 11 Jul 96 13:53 MDT
    Apparently To: <cmeinel@techbroker.com>
    Received: from merde.dis.org by remarque.berkeley.edu (8.7.3/1.31)
    id MAA23472; Thu, 11 Jul 1996 12:49:56 0700 (PDT)

    Look at the three "received" messages. My ISP's computer received this email
    not directly from Remarque.berkeley.edu. but from merde.dis.com, which in
    turn got the email from Remarque.

    Hey, I know who owns merde.dis.org! So the Berkeley computer forwarded this
    fake mail through famed computer security expert Pete Shipley's Internet
    host computer! Hint: the name "merde" is a joke. So is "dis.org."

    Now let's see what email from remarque looks like. Let's use Pine again:

    Date: Thu, 11 Jul 1996 12:49:56 0700 (PDT)
    From: santa@north.pole.org
    Message Id: <199607111949.MAA23472@remarque.berkeley.edu>

    This is fake mail on a Berkeley computer for which I do not have a password.

    Hey, this is pretty kewl. It doesn't warn that the Santa address is phony!
    Even better, it keeps secret the name of the originating computer:
    plato.nmia.com. Thus remarque.berkeley.edu was a really good computer from
    which to send fake mail. (Note: last time I checked, they had fixed
    remarque, so don't bother telnetting there.)

    But not all sendmail programs are so friendly to fake mail. Check out the
    email I created from atropos.c2.org!

    telnet atropos.c2.org 25
    Trying 140.174.185.14...
    Connected to atropos.c2.org.
    Escape character is '^]'.
    220 atropos.c2.org ESMTP Sendmail 8.7.4/CSUA ready at Fri, 12 Jul 1996 15:41:33
    help
    502 Sendmail 8.7.4 HELP not implemented

    Gee, you're pretty snippy today, aren't you... What the heck, let's plow
    ahead anyhow...

    helo santa@north.pole.org
    501 Invalid domain name

    Hey, what's it to you, buddy? Other sendmail programs don't give a darn what
    name I use with "helo." OK, OK, I'll give you a valid domain name. But not
    a valid user name!

    helo satan@unm.edu
    250 atropos.c2.org Hello cmeinel@plato.nmia.com [198.59.166.165], pleased
    to meet you

    Verrrry funny, pal. I'll just bet you're pleased to meet me. Why the #%&@
    did you demand a valid domain name when you knew who I was all along?

    mail from:santa@north.pole.com
    250 santa@north.pole.com... Sender ok
    rcpt to: cmeinel@nmia.com
    250 Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    Oh, crap!
    .
    250 PAA13437 Message accepted for delivery
    quit
    221 atropos.c2.org closing connection

    OK, what kind of email did that obnoxious little sendmail program generate?
    I rush over to Pine and take a look:

    Return Path: <santa@north.pole.com>

    Well, how very nice to allow me to use my fake address.

    Received:
    from atropos.c2.org by nmia.com
    with smtp
    (Linux Smail3.1.28.1 #4)
    id m0ueqxh 000LD9C; Fri, 12 Jul 96 16:45 MDT
    Apparently To: <cmeinel@nmia.com>
    Received: from satan.unm.edu (cmeinel@plato.nmia.com [198.59.166.165])

    Oh, how truly special! Not only did the computer atropos.c2.org blab out my
    true identity, it also revealed that satan.unm.edu thing. Grump...
    that will teach me.

    by atropos.c2.org (8.7.4/CSUA) with SMTP id PAA13437 for
    cmeinel@nmia.com; Fri, 12
    Jul 1996 15:44:37 0700 (PDT)
    Date: Fri, 12 Jul 1996 15:44:37 0700 (PDT)
    From: santa@north.pole.com
    Message Id: <199607122244.PAA13437@atropos.c2.org>

    Oh, crap!

    So, the moral of that little hack is that there are lots of different email
    programs floating around on port 25 of Internet hosts. So if you want to
    have fun with them, it's a good idea to check them out first before you use
    them to show off with.
    pakna
    Share on Google+

  3. #3
    Junior Member
    Join Date
    Oct 2004
    Posts
    3
    how finger can be used as one of the most common
    ways to crack into non-public parts of an Internet host.
    _______________________________________________________

    Before you get too excited over learning how finger can be used to crack an
    Internet host, will all you law enforcement folks out there please relax.
    I'm not giving step-by-step instructions. I'm certainly not handing out code
    from those publicly available canned cracking tools that any newbie could
    use to gain illegal access to some hosts.

    What you are about to read are some basic principles and techniques behind
    cracking with finger. In fact, some of these techniques are fun and legal as
    long as they aren't taken too far. And they might tell you a thing or two
    about how to make your Internet hosts more secure.

    You could also use this information to become a cracker. Your choice. Just
    keep in mind what it would be like to be the "girlfriend" of a cell mate
    named "Spike."

    *********************************
    Newbie note #1: Many people assume "hacking" and "cracking" are synonymous.
    But "cracking" is gaining illegal entry into a computer. "Hacking" is the
    entire universe of kewl stuff one can do with computers, often without
    breaking the law or causing harm.
    *********************************

    What is finger? It is a program which runs on port 79 of many Internet host
    computers. It is normally used to provide information on people who are
    users of a given computer.

    For review, let's consider the virtuous but boring way to give your host
    computer the finger command:

    finger Joe_Blow@boring.ISP.net

    This causes your computer to telnet to port 79 on the host boring.ISP.net.
    It gets whatever is in the .plan and .project files for Joe Blow and
    displays them on your computer screen.

    But the Happy Hacker way is to first telnet to boring.ISP.net port 79, from
    which we can then run its finger program:

    telnet boring.ISP.net 79

    If you are a good Internet citizen you would then give the command:

    Joe_Blow

    or maybe the command:

    finger Joe_Blow

    This should give you the same results as just staying on your own computer
    and giving the command "finger Joe_Blow@boring.ISP.net."

    But for a cracker, there are lots and lots of other things to try after
    gaining control of the finger program of boring.ISP.net by telnetting to
    port 79.

    Ah, but I don't teach how to do felonies. So we will just cover general
    principles of how finger is commonly used to crack into boring.ISP.net. You
    will also learn some perfectly legal things you can try to get finger to do.

    For example, some finger programs will respond to the command:

    finger @boring.ISP.net

    If you should happen to find a finger program old enough or trusting enough
    to accept this command, you might get something back like:

    [boring.ISP.net]
    Login Name TTY Idle When Where
    happy Prof. Foobar co 1d Wed 08:00 boring.ISP.net

    This tells you that only one guy is logged on, and he's doing nothing. This
    means that if someone should manage to break in, no one is likely to notice
    -- at least not right away.

    Another command to which a finger port might respond is simply:

    finger

    If this command works, it will give you a complete list of the users of this
    host. These user names then can be used to crack a password or two.

    Sometimes a system will have no restrictions on how lame a password can be.
    Common lame password habits are to use no password at all, the same password
    as user name, the user's first or last name, and "guest." If these don't
    work for the cracker, there are widely circulated programs which try out
    every word of the dictionary and every name in the typical phone book.

    ********************************
    Newbie Note #2: Is your password easy to crack? If you have a shell account,
    you may change it with the command:

    passwd

    Choose a password that isn't in the dictionary or phone book, is at least 6
    characters long, and includes some characters that are not letters of the
    alphabet.

    A password that is found in the dictionary but has one extra character is
    *not* a good password.
    ********************************

    Other commands which may sometimes get a response out of finger include:

    finger @
    finger 0
    finger root
    finger bin
    finger ftp
    finger system
    finger guest
    finger demo
    finger manager

    Or, even just hitting <enter> once you are into port 79 may give you
    something interesting.

    There are plenty of other commands that may or may not work. But most
    commands on most finger programs will give you nothing, because most system
    administrators don't want to ladle out lots of information to the casual
    visitor. In fact, a really cautious sysadmin will disable finger entirely.
    So you'll never even manage to get into port 79 of some computers

    However, none of these commands I have shown you will give you root access.
    They provide information only.

    ************************
    Newbie note #3: Root! It is the Valhalla of the hard-core cracker. "Root" is
    the account on a multi-user computer which allows you to play god. It is the
    account from which you can enter and use any other account, read and modify
    any file, run any program. With root access, you can completely destroy all
    data on boring.ISP.net. (I am *not* suggesting that you do so!)
    *************************

    It is legal to ask the finger program of boring.ISP.net just about anything
    you want. The worst that can happen is that the program will crash.

    Crash...what happens if finger crashes?

    Let's think about what finger actually does. It's the first program you meet
    when you telnet to boring.ISP.net's port 79. And once there, you can give it
    a command that directs it to read files from any user's account you may choose.

    That means finger can look in any account.

    That means if it crashes, you may end up in root.

    Please, if you should happen to gain root access to someone else's host,
    leave that computer immediately! You'd better also have a good excuse for
    your systems administrator and the cops if you should get caught!

    If you were to make finger crash by giving it some command like ///*^S, you
    might have a hard time claiming that you were innocently seeking publicly
    available information.

    *****************
    YOU CAN GO TO JAIL TIP #1: Getting into a part of a computer that is not
    open to the public is illegal. In addition, if you use the phone lines or
    Internet across a US state line to break into a non-public part of a
    computer, you have committed a Federal felony. You don't have to cause any
    harm at all -- it's still illegal. Even if you just gain root access and
    immediately break off your connection -- it's still illegal.
    ***************

    Truly elite types will crack into a root account from finger and just leave
    immediately. They say the real rush of cracking comes from being *able* to
    do anything to boring.ISP.net -- but refusing the temptation.

    The elite of the elite do more than just refrain from taking advantage of
    the systems they penetrate. They inform the systems administrator that they
    have cracked his or her computer, and leave an explanation of how to fix the
    security hole.

    ************************************
    YOU CAN GO TO JAIL TIP #2: When you break into a computer, the headers on
    the packets that carry your commands tell the sysadmin of your target who
    you are. If you are reading this column you don't know enough to cover your
    tracks. Tell temptation to take a hike!
    ************************************

    Ah, but what are your chances of gaining root through finger? Haven't
    zillions of hackers found all the crashable stuph? Doesn't that suggest that
    finger programs running on the Internet today are all fixed so you can't get
    root access through them any more?

    No.

    The bottom line is that any systems adminstrator that leaves the finger
    service running on his/her system is taking a major risk. If you are the
    user of an ISP that allows finger, ask yourself this question: is using it
    to advertise your existence across the Internet worth the risk?

    OK, I'm signing off for this column. I look forward to your contributions to
    this list. Happy hacking -- and don't get busted!

    __________________________________________________________________

    Want to share some kewl stuph? Tell me I'm terrific? Flame me? For the first
    two, I'm at cmeinel@techbroker.com. Please direct flames to
    dev/null@techbroker.com. Happy hacking!
    pakna
    Share on Google+

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Share on Google+

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Yeah.

    If you're going to C&P something, at least post something good, not some shitty "happy hacker" article.
    Share on Google+

  6. #6
    Banned
    Join Date
    Apr 2004
    Posts
    843
    This thread smells funny...

    poop poop poop...
    Share on Google+

  7. #7
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Copyright 1996 Carolyn P. Meinel. You may forward the GUIDE TO (mostly)
    HARMLESS HACKING Ezine as long as you leave this notice at the end. To
    subscribe, email cmeinel@techbroker.com with message "subscribe hacker
    <joe.blow@my.isp.net>" substituting your real email address for Joe Blow's.

    Hmm. I wonder if he's aware of copyright laws...
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides