On Thu, 13 Oct 1994, Scott Chasin wrote: > > On Thu, 13 Oct 1994, Tony Jago wrote: [indirect fingering and ultrix @@host.somehwere.com] > This would dump all system known users. The first '@' is translated to > a NULL and fools fingerd into dumping everything. > > -- > > The same hack in a different fashion on SunOS 4.1.x will give random users > profiles (at least from what I have seen.. At one time I thought not). > > Example: finger 23234123123123123@some.sunos.host.com > > The rather large number has strange effect on fingerd -- I haven't looked > close enought to see what. > > --Scott > chasin@crimelab.com > You might be interested in the response of simply telnetting to the finger port on most systems. It displays all the users on the system. ---------------------------------------------------------------------------- It's *amazing* what one can accomplish when one doesn't know what one can't do!