Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: fingerd problems
From: brian () saturn net (Brian Mitchell)
Date: Fri, 17 May 1996 02:41:47 -0400

On Thu, 16 May 1996, Elliot Lee wrote:


[ list of ways to list all the users on a system using fingerd ]


Another vulnerability of many finger daemons is their ability to support
'chain' fingers. If they are passed a "username" in the form of
'user () ahost net' the finger daemon will repeat the finger, effectively
hiding the tracks of anyone trying to scope out your system security.

For a demonstration, 'telnet prep.ai.mit.edu 79' and type
'[yourname] () [yourhost]'. If you have TCP wrappers installed, you will
notice that the finger connection comes from prep.ai.mit.edu, not [yourhost].



Some www servers also include the 'finger' cgi program, which can be used
in much the same way, ie:

lynx http://www.cgis.net/cgi-bin/finger\?user () host

Brian Mitchell                  brian () saturn net

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]