Thread: Help with FINGERD

  1. #1
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724

    Help with FINGERD

    A friend of mine has a network. He is convinced he doesn't need a security analyst. Or as it seems security at all. Anyways, I am in need of a job so he tells me, "you hack my box and sell me the exploit info." So I have been scanning and fingerprinting his ass.
    I found he has a *nix box. This is what I found when scanning that.
    TELNET

    23: [255]
    [251][1][255][251][3][255][253][24][255][253][31][13][10]
    [13][10]
    User Access Verification[13][10]
    [13][10]
    Password:

    FINGER

    79: [13]
    [10]
    Line User Host(s) Idle Location[13][10]
    * 66 vty 0 idle 00:00:00

    Kay well... I have no idea about the FINGER daemon. How can it be exploited? All I can seem to remember about FINGER was an article I read in 2600 about it being the most exploitable blah blah blah..... anyways this is good news to me. BUT any info at all would be GREATLY appreciated.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    185
    finger is a service that lets you see who is logged into the system and a little about them like last login, new mail, unread mail, the users $HOME directory, and their .plan file.

    The way this can be exploited is most commonly in information gathering. Remotely you can use finger on a domain name and get information about who is logged into the system and on which tty.

    A couple of other simple networking utilities that produce interesting output are `rusers', `showmount', `host' and `whois'.

    Here is an example of the hosts command in action.

    # host -l -v -t any bu.edu

    Found 1 addresses for BU.EDU
    Found 1 addresses for RS0.INTERNIC.NET
    Found 1 addresses for SOFTWARE.BU.EDU
    Found 5 addresses for RS.INTERNIC.NET
    Found 1 addresses for NSEGC.BU.EDU
    Trying 128.197.27.7
    bu.edu 86400 IN SOA BU.EDU HOSTMASTER.BU.EDU(
    961112121 ;serial (version)
    900 ;refresh period
    900 ;retry refresh this often
    604800 ;expiration period
    86400 ;minimum TTL
    )
    bu.edu 86400 IN NS SOFTWARE.BU.EDU
    bu.edu 86400 IN NS RS.INTERNIC.NET
    bu.edu 86400 IN NS NSEGC.BU.EDU
    bu.edu 86400 IN A 128.197.27.7


    And here is a nifty output on that domain using whois.

    bu.edu 86400 IN HINFO SUN-SPARCSTATION-10/41 UNIX
    PPP-77-25.bu.edu 86400 IN A 128.197.7.237
    PPP-77-25.bu.edu 86400 IN HINFO PPP-HOST PPP-SW
    PPP-77-26.bu.edu 86400 IN A 128.197.7.238
    PPP-77-26.bu.edu 86400 IN HINFO PPP-HOST PPP-SW
    ODIE.bu.edu 86400 IN A 128.197.10.52
    ODIE.bu.edu 86400 IN MX 10 CS.BU.EDU
    ODIE.bu.edu 86400 IN HINFO DEC-ALPHA-3000/300LX OSF1
    STRAUSS.bu.edu 86400 IN HINFO PC-PENTIUM DOS/WINDOWS
    BURULLUS.bu.edu 86400 IN HINFO SUN-3/50 UNIX (Ouch)
    GEORGETOWN.bu.edu 86400 IN HINFO MACINTOSH MAC-OS
    CHEEZWIZ.bu.edu 86400 IN HINFO SGI-INDIGO-2 UNIX
    POLLUX.bu.edu 86400 IN HINFO SUN-4/20-SPARCSTATION-SLC UNIX
    SFA109-PC201.bu.edu 86400 IN HINFO PC MS-DOS/WINDOWS
    UH-PC002-CT.bu.edu 86400 IN HINFO PC-CLONE MS-DOS
    SOFTWARE.bu.edu 86400 IN HINFO SUN-SPARCSTATION-10/30 UNIX
    CABMAC.bu.edu 86400 IN HINFO MACINTOSH MAC-OS
    VIDUAL.bu.edu 86400 IN HINFO SGI-INDY IRIX
    KIOSK-GB.bu.edu 86400 IN HINFO GATORBOX GATORWARE
    CLARINET.bu.edu 86400 IN HINFO VISUAL-X-19-TURBO X-SERVER
    DUNCAN.bu.edu 86400 IN HINFO DEC-ALPHA-3000/400 OSF1
    MILHOUSE.bu.edu 86400 IN HINFO VAXSTATION-II/GPX UNIX
    PSY81-PC150.bu.edu 86400 IN HINFO PC WINDOWS-95
    BUPHYC.bu.edu 86400 IN HINFO VAX-4000/300 OpenVMS

    Ok, so you get the idea, check out the man pages on those commands.

    For any exploits go check out http://www.securityfocus.com/, they have a good database.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  3. #3
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Ok what?
    lol.

    I have discovered that the IP I was scanning is a firewall or possibly a router, seeing as how the Telnet:23 password prompt is simply only that. It has no user name prompt. Gives me three password prompts then disconnects.

    User Access Verification[13][10]
    [13][10]

    Password:
    Password:
    Password:

    Also on the finger info it says line and underneath it says *66 vty 0, what the hell is that? Possibly the computer name on the network? Also states USER and HOST. These have been left blank.

    Line User Host(s) Idle Location[13][10]
    * 66 vty 0 idle 00:00:00

    Please make sense of this for me, I have hit a dead end.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2
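
The bracketed numbers in the port 23 output quoted in posts #1 and #3 are raw Telnet option negotiation bytes (RFC 854) as the scanner printed them. The following decoder is an added example, not part of any post in the thread; the sample string is reconstructed from the quoted scanner output and the function names are illustrative.

```python
import re

# Telnet command and option codes (RFC 854/855 and the option RFCs).
IAC, SB, SE = 255, 250, 240
COMMANDS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

# Constructed sample: the port 23 banner from the thread, joined onto one line.
SAMPLE = ("[255][251][1][255][251][3][255][253][24][255][253][31][13][10]"
          "[13][10]User Access Verification[13][10][13][10]Password:")

def to_bytes(dump):
    """Turn the scanner's "[n]" notation back into the raw byte stream."""
    out = bytearray()
    for m in re.finditer(r"\[(\d{1,3})\]|(.)", dump, re.S):
        if m.group(1) is not None and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
        else:  # ordinary printable text (or a bracket that is not a byte)
            out += m.group(0).encode("latin-1", "replace")
    return bytes(out)

def parse_telnet(data):
    """Split a Telnet stream into (negotiation commands, visible text)."""
    negotiations, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                          # truncated IAC at end of capture
        elif data[i + 1] == IAC:
            text.append(IAC)               # IAC IAC is an escaped 0xFF
            i += 2
        elif data[i + 1] in COMMANDS:
            if i + 2 >= len(data):
                break                      # option byte missing
            opt = data[i + 2]
            negotiations.append((COMMANDS[data[i + 1]],
                                 OPTIONS.get(opt, "option %d" % opt)))
            i += 3
        elif data[i + 1] == SB:            # skip IAC SB ... IAC SE block
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            i = end + 2
        else:
            i += 2                         # other two-byte command (NOP, GA, ...)
    return negotiations, text.decode("latin-1")

if __name__ == "__main__":
    for verb, option in parse_telnet(to_bytes(SAMPLE))[0]:
        print("IAC", verb, option)
```

WILL ECHO and WILL SUPPRESS-GO-AHEAD are the server offering character-at-a-time mode with server-side echo, and DO TERMINAL-TYPE and DO NAWS ask the client for its terminal type and window size. This is routine session setup that precedes the password prompt.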
