Re: finger-bombing

David Miller (isdmill@gatekeeper.ddp.state.me.us)
Fri, 14 Oct 1994 10:31:56 -0400 (EDT)

On Thu, 13 Oct 1994, Scott Chasin wrote:

> > On Thu, 13 Oct 1994, Tony Jago wrote:

[indirect fingering and ultrix @@host.somehwere.com]

> This would dump all system known users.  The first '@' is translated to
> a NULL and fools fingerd into dumping everything.
> 
> --
> 
> The same hack in a different fashion on SunOS 4.1.x will give random users'
> profiles (at least from what I have seen.. At one time I thought not).
> 
> Example: finger 23234123123123123@some.sunos.host.com
> 
> The rather large number has a strange effect on fingerd -- I haven't looked
> closely enough to see what.
> 
> --Scott
> chasin@crimelab.com
> 

You might be interested in the response of simply telnetting to 
the finger port on most systems.  It displays all the users
on the system.

----------------------------------------------------------------------------
		It's *amazing* what one can accomplish when 
		    one doesn't know what one can't do!
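
Added example, not part of the original message or of any fingerd source: a request-line check that a wrapper in front of fingerd could apply to refuse the three query shapes discussed in this thread (the empty request that lists all users, '@' forwarding, and the all-digit name). The username pattern, the length limit, the function name and the sample lines are assumptions made for illustration; the optional /W token comes from RFC 1288.

```python
import re

# Assumed local policy (not from the thread): names look like POSIX logins.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
MAX_LINE = 64  # assumed upper bound on a sane request line, in bytes


def check_finger_request(raw: bytes):
    """Decide whether one finger request line may be passed to fingerd.

    Returns (allowed, reason).
    """
    if b"\x00" in raw:
        return False, "nul-byte"
    if len(raw) > MAX_LINE:
        return False, "too-long"
    try:
        line = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ascii"
    tokens = line.rstrip("\r\n").split()
    # RFC 1288 allows an optional /W (verbose) token before the name.
    if tokens and tokens[0].upper() == "/W":
        tokens = tokens[1:]
    if not tokens:
        # Empty query: the server would answer with its user list.
        return False, "user-list"
    if len(tokens) > 1:
        return False, "malformed"
    target = tokens[0]
    if "@" in target:
        # Indirect (forwarded) query, including the '@@host' form.
        return False, "forwarding"
    if not USERNAME_RE.fullmatch(target):
        # Catches all-digit names and other non-login strings.
        return False, "bad-username"
    return True, "ok"


# Constructed sample request lines, as a client would send them.
SAMPLES = [b"\r\n", b"@@host.example\r\n", b"23234123123123123\r\n", b"/W alice\r\n"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_finger_request(sample))
```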