-
December 31st, 2001, 08:08 AM
#1
Help with FINGERD
A friend of mine has a network. He is convinced he doesn't need a security analyst. Or, as it seems, security at all. Anyways, I am in need of a job so he tells me, "you hack my box and sell me the exploit info." So I have been scanning and fingerprinting his ass.
I found he has a *nix box. This is what I found when scanning that.
TELNET
23: [255]
[251][1][255][251][3][255][253][24][255][253][31][13][10]
[13][10]
User Access Verification[13][10]
[13][10]
Password:
FINGER
79: [13]
[10]
Line User Host(s) Idle Location[13][10]
* 66 vty 0 idle 00:00:00
Kay well... I have no idea about the FINGER daemon. How can it be exploited? All I can seem to remember about FINGER was an article I read in 2600 about it being the most exploitable blah blah blah..... anyways this is good news to me. BUT any info at all would be GREATLY appreciated.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
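The bracketed numbers in the port 23 output above are raw byte values, and the run that starts with [255] is standard Telnet option negotiation (RFC 854). The following is an added example, not part of any post in this thread: it turns the scanner's "[n]" notation back into bytes and separates the negotiation from the visible prompt. The function names and the joined BANNER string are assumptions made for the example, and subnegotiation (SB ... SE) is not handled.

```python
import re

# Telnet command and option codes (RFC 854, 857, 858, 1091, 1073).
IAC = 255
COMMANDS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

# Port 23 output from post #1, joined onto one line (sample input for this example).
BANNER = ("[255][251][1][255][251][3][255][253][24][255][253][31][13][10]"
          "[13][10]User Access Verification[13][10][13][10]Password:")

def to_bytes(dump):
    """Turn the scanner's "[n]" notation back into raw bytes."""
    out = bytearray()
    for num, text in re.findall(r"\[(\d{1,3})\]|(\[|[^\[]+)", dump):
        if num:
            if int(num) > 255:
                raise ValueError("not a byte value: [%s]" % num)
            out.append(int(num))
        else:
            out += text.encode("latin-1")
    return bytes(out)

def decode(data):
    """Split a Telnet stream into (negotiation commands, visible text)."""
    negotiation, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:                      # ordinary data byte
            text.append(data[i])
            i += 1
        elif data[i + 1:i + 2] == b"\xff":      # IAC IAC is an escaped 0xFF data byte
            text.append(IAC)
            i += 2
        elif i + 2 < len(data) and data[i + 1] in COMMANDS:
            opt = data[i + 2]
            name = OPTIONS.get(opt, "option %d" % opt)
            negotiation.append("%s %s" % (COMMANDS[data[i + 1]], name))
            i += 3
        else:                                   # truncated, or a command not in the table
            negotiation.append("IAC " + (data[i + 1:i + 2].hex() or "<truncated>"))
            i += 2
    return negotiation, text.decode("latin-1")

if __name__ == "__main__":
    commands, prompt = decode(to_bytes(BANNER))
    print(commands)
    print(repr(prompt))
```

The server announcing WILL ECHO means it takes over echoing, which is why typed password characters are not shown locally.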
-
December 31st, 2001, 02:00 PM
#2
Senior Member
finger is a service that lets you see who is logged into the system and a little about them like last login, new mail, unread mail, the users $HOME directory, and their .plan file.
The way this can be exploited is most commonly in information gathering. Remotely you can use finger on a domain name and get information about who is logged into the system and on which tty.
A couple of other simple networking utilities that produce interesting output are `rusers', `showmount', `host' and `whois'.
Here is an example of the host command in action.
# host -l -v -t any bu.edu
Found 1 addresses for BU.EDU
Found 1 addresses for RS0.INTERNIC.NET
Found 1 addresses for SOFTWARE.BU.EDU
Found 5 addresses for RS.INTERNIC.NET
Found 1 addresses for NSEGC.BU.EDU
Trying 128.197.27.7
bu.edu 86400 IN SOA BU.EDU HOSTMASTER.BU.EDU(
961112121 ;serial (version)
900 ;refresh period
900 ;retry refresh this often
604800 ;expiration period
86400 ;minimum TTL
)
bu.edu 86400 IN NS SOFTWARE.BU.EDU
bu.edu 86400 IN NS RS.INTERNIC.NET
bu.edu 86400 IN NS NSEGC.BU.EDU
bu.edu 86400 IN A 128.197.27.7
And here is a nifty output on that domain using whois.
bu.edu 86400 IN HINFO SUN-SPARCSTATION-10/41 UNIX
PPP-77-25.bu.edu 86400 IN A 128.197.7.237
PPP-77-25.bu.edu 86400 IN HINFO PPP-HOST PPP-SW
PPP-77-26.bu.edu 86400 IN A 128.197.7.238
PPP-77-26.bu.edu 86400 IN HINFO PPP-HOST PPP-SW
ODIE.bu.edu 86400 IN A 128.197.10.52
ODIE.bu.edu 86400 IN MX 10 CS.BU.EDU
ODIE.bu.edu 86400 IN HINFO DEC-ALPHA-3000/300LX OSF1
STRAUSS.bu.edu 86400 IN HINFO PC-PENTIUM DOS/WINDOWS
BURULLUS.bu.edu 86400 IN HINFO SUN-3/50 UNIX (Ouch)
GEORGETOWN.bu.edu 86400 IN HINFO MACINTOSH MAC-OS
CHEEZWIZ.bu.edu 86400 IN HINFO SGI-INDIGO-2 UNIX
POLLUX.bu.edu 86400 IN HINFO SUN-4/20-SPARCSTATION-SLC UNIX
SFA109-PC201.bu.edu 86400 IN HINFO PC MS-DOS/WINDOWS
UH-PC002-CT.bu.edu 86400 IN HINFO PC-CLONE MS-DOS
SOFTWARE.bu.edu 86400 IN HINFO SUN-SPARCSTATION-10/30 UNIX
CABMAC.bu.edu 86400 IN HINFO MACINTOSH MAC-OS
VIDUAL.bu.edu 86400 IN HINFO SGI-INDY IRIX
KIOSK-GB.bu.edu 86400 IN HINFO GATORBOX GATORWARE
CLARINET.bu.edu 86400 IN HINFO VISUAL-X-19-TURBO X-SERVER
DUNCAN.bu.edu 86400 IN HINFO DEC-ALPHA-3000/400 OSF1
MILHOUSE.bu.edu 86400 IN HINFO VAXSTATION-II/GPX UNIX
PSY81-PC150.bu.edu 86400 IN HINFO PC WINDOWS-95
BUPHYC.bu.edu 86400 IN HINFO VAX-4000/300 OpenVMS
Ok, so you get the idea, check out the man pages on those commands.
For any exploits go check out http://www.securityfocus.com/, they have a good database.
Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.
Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.
-
January 2nd, 2002, 12:34 AM
#3
Ok what?
lol.
I have discovered that the IP I was scanning is a firewall or possibly a router, seeing as how the Telnet:23 password prompt is simply only that. It has no user name prompt. Gives me three password prompts then disconnects.
User Access Verification[13][10]
[13][10]
Password:
Password:
Password:
Also on the finger info it says line and underneath it says
*66 vty 0, what the hell is that? Possibly the computer name on the network? Also states USER and HOST. These have been left blank.
Line User Host(s) Idle Location[13][10]
* 66 vty 0 idle 00:00:00
Please make sense of this for me, I have hit a dead end.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2