|
|
Sponsored Content
Top Forums
UNIX for Beginners Questions & Answers
Finger command and security issue
Post 302984559 by alvinoo on Thursday 27th of October 2016 08:54:28 AM
10-27-2016
Finger command and security issue
Code:
$ finger yeti Login: yeti Name: yeti Directory: /arpa/tz/y/yeti Shell: /bin/ksh On since Wed Apr 2 15:24 (UTC) on pts/149 Mail last read Mon Mar 31 11:08 2014 (UTC) No Plan.
I am trying to understand how does the finger dameon derives the information it returns and how it can be abused.
| Moderator's Comments: | ||
|
Last edited by rbatte1; 10-27-2016 at 10:20 AM.. Reason: Added CODE tags
|
|
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
This is my senario.....
The user enters a userid into linux.
((I have have already scripted the command to read this userid.))
I need help in writing the script so It reads the userID and in conjuction w/ the finger command displays to the user "no plan" on the screen (so the user reads/sees... (4 Replies)
Discussion started by: apolishuk
4 Replies
2. Shell Programming and Scripting
I'm trying to clean up my server and I have the list of some "special" users stored on the text file like this
Now I want to write a shell script to finger all of them so I can have some kind of ideas who they are but here comes the problem....I completely forgot how to do it with shell... (3 Replies)
Discussion started by: Micz
3 Replies
3. UNIX for Advanced & Expert Users
Hello all,
Here is what I am trying to do. If a user exist, then send an echo "EXIST" or else "DOES NOT EXIST". (under HP-UX)
Kind of:
#!/usr/bin/sh
USER=mylogin
finger $USER
if $? = 0
then
echo "EXIST""
else
echo "DOES NOT EXIST"
fi (10 Replies)
Discussion started by: qfwfq
10 Replies
4. Shell Programming and Scripting
Hi,
iam using sunsolaris.
when you type finger command -- it dispalys information about local and remote users.
but here it shows as can't stat /dev/gold:8664
can anybody help what is the solution for this error.
previously the output came.
thanks,
shan (1 Reply)
Discussion started by: shanshine
1 Replies
5. UNIX for Dummies Questions & Answers
Hello all,
my unix is bash based and the finger command output is:
Login Name Tty Idle LoginTime Office
amos.john Amos John pts/26 1 Dec 5 16:18 (77.100.22.07)
What am trying to achieve is extract the Login (amos.john) and Name (Amos John) from this output without using awk or sed.
... (1 Reply)
Discussion started by: franny
1 Replies
6. UNIX for Advanced & Expert Users
I want to know the correct version of how i should use the finger command in this example below.(os is debian lenny)
(nymserver.pl is located in /home/nymserv directory.)
the two versions are :
(in/etc/inetd.conf)
finger stream tcp nowait nymuser /usr/nym/nymserv nymserv... (3 Replies)
Discussion started by: xstation
3 Replies
7. UNIX for Dummies Questions & Answers
Hi
Does anyone know if there is anyway of doing the finger command for all user id's in my enviroment. What I need to obtain is the full names of all users on the system.
I know if i do the finger command with no arguments it will list users currently logged in, but i need all users...
... (2 Replies)
Discussion started by: m3y
2 Replies
8. UNIX for Dummies Questions & Answers
how to extract user machine name for current terminal using finger command
below command gives machinename for all session , is it possible to filter it to only currernt terminal ?
finger -b -p $LOGNAME | grep from (12 Replies)
Discussion started by: lalitpct
12 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I am writing script to take last logon user id detials by using finger command.
But I am getting below output.
wer34 Feb 10:23
I NEED to display
wer34 Feb 10 2013 10:23, Is there any way to get like this. (18 Replies)
Discussion started by: stew
18 Replies
10. Solaris
Hi
I need to disable finger & telnet command in solaris 8
I have put the # infront of finger and telnet line in /etc/inetd.conf file. Further I have run the below command
kill -1 <process id of inetd >
But when I am running finger command it is till giving information for remote machine... (8 Replies)
Discussion started by: amity
8 Replies
LEARN ABOUT REDHAT
finger
FINGER(1) BSD General Commands Manual FINGER(1) NAME
finger -- user information lookup program SYNOPSIS
finger [-lmsp] [user ...] [user@host ...] DESCRIPTION
The finger displays information about the system users. Options are: -s Finger displays the user's login name, real name, terminal name and write status (as a ``*'' after the terminal name if write permis- sion is denied), idle time, login time, office location and office phone number. Login time is displayed as month, day, hours and minutes, unless more than six months ago, in which case the year is displayed rather than the hours and minutes. Unknown devices as well as nonexistent idle and login times are displayed as single asterisks. -l Produces a multi-line format displaying all of the information described for the -s option as well as the user's home directory, home phone number, login shell, mail status, and the contents of the files ``.plan'', ``.project'', ``.pgpkey'' and ``.forward'' from the user's home directory. Phone numbers specified as eleven digits are printed as ``+N-NNN-NNN-NNNN''. Numbers specified as ten or seven digits are printed as the appropriate subset of that string. Numbers specified as five digits are printed as ``xN-NNNN''. Numbers specified as four digits are printed as ``xNNNN''. If write permission is denied to the device, the phrase ``(messages off)'' is appended to the line containing the device name. One entry per user is displayed with the -l option; if a user is logged on multiple times, terminal information is repeated once per login. Mail status is shown as ``No Mail.'' if there is no mail at all, ``Mail last read DDD MMM ## HH:MM YYYY (TZ)'' if the person has looked at their mailbox since new mail arriving, or ``New mail received ...'', `` Unread since ...'' if they have new mail. -p Prevents the -l option of finger from displaying the contents of the ``.plan'', ``.project'' and ``.pgpkey'' files. -m Prevent matching of user names. User is usually a login name; however, matching will also be done on the users' real names, unless the -m option is supplied. All name matching performed by finger is case insensitive. If no options are specified, finger defaults to the -l style output if operands are provided, otherwise to the -s style. Note that some fields may be missing, in either format, if information is not available for them. If no arguments are specified, finger will print an entry for each user currently logged into the system. Finger may be used to look up users on a remote machine. The format is to specify a user as ``user@host'', or ``@host'', where the default output format for the former is the -l style, and the default output format for the latter is the -s style. The -l option is the only option that may be passed to a remote machine. If standard output is a socket, finger will emit a carriage return (^M) before every linefeed (^J). This is for processing remote finger requests when invoked by fingerd(8). FILES
~/.nofinger If finger finds this file in a user's home directory, it will, for finger requests originating outside the local host, firmly deny the existence of that user. For this to work, the finger program, as started by fingerd(8), must be able to see the .nofinger file. This generally means that the home directory containing the file must have the other-users-execute bit set (o+x). See chmod(1). If you use this feature for privacy, please test it with ``finger @localhost'' before relying on it, just in case. ~/.plan ~/.project ~/.pgp These files are printed as part of a long-format request. The .project file is limited to one line; the .plan file may be arbitrarily long. SEE ALSO
chfn(1), passwd(1), w(1), who(1) HISTORY
The finger command appeared in 3.0BSD. Linux NetKit (0.17) August 15, 1999 Linux NetKit (0.17)