Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd
From: bitblt () bitblt resnet cornell edu (bitblt () bitblt resnet cornell edu)
Date: Fri, 17 May 1996 11:27:00 -0400

On Fri, 17 May 1996, Steve Coleman - SEWP wrote:

I believe that the feature was to scan the login name field and if a match
was not found to scan the gecos field for any partial information it could
match on.  Is it possible that the '.' and '@' are just forms of a regular
expression or wildcard matching?  If so then how many other wildcards are
there to grep the password file?

. perhaps, but definitely not @.  The @ issue works because what finger
does is find the last @ in the string, strip it, and everything after it,
and then pass what's left as an argument to the  remote fingerd.  In
addition, fingerd functions on many systems by simply passing what it is
given over the network as an argument to the finger command, using some
variant on the exec function.

Thus, when you:

finger foobar () host3@host2 () host1

your local finger client passes the string "foobar () host3@host2" to the
fingerd on host1.  The fingerd on host1 then passes that string to its
local finger client, which in turn passes the string "foobar () host3" to
the fingerd on host2.  The fingerd on host2 passes this string to its
local finger client, which in turn passes the string "foobar" to host3.
The fingerd on host3 then calls its local finger client, which sees that
there is no '@' in the string, and does a local lookup.  This information
is then passed along back from host3 to host2 to host1 and finally to
your own host.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]