fsebugoutzone.org:9999

       Post A2hLCrmr6evL9Ro6oC by stevelord@mastodon.social
 (DIR) More posts by stevelord@mastodon.social
 (DIR) Post #A2hKuvyQnlS6vKfeT2 by paulgatling@bsd.network
       2020-12-29T15:45:06Z
       
       0 likes, 1 repeats
       
       So I&#39;ve noticed a number of #gemini clients also do finger.  While I&#39;m all about the nostalgia, wasn&#39;t having finger open to the world considered a security risk because then it could expose usernames?  Am I over thinking this?  I kind of like the idea of making your .plan .profile a bit of a personal intro page, maybe even pgp public key and whatever else.  Thoughts?
       
 (DIR) Post #A2hKuw9Q8uF7TPoQb2 by julienxx@fedi.9til.de
       2020-12-29T15:53:46Z
       
       0 likes, 0 repeats
       
       @paulgatling what&#39;s interesting with finger for me is exposing stuff that does not match a username. I have various things here `finger @typed-hole.org`. Fun and simple protocol to play with :)Not sure exposing a username is really dangerous once you secured your system (no password login for example) but I&#39;m no security expert at all.
       
 (DIR) Post #A2hLCrmr6evL9Ro6oC by stevelord@mastodon.social
       2020-12-29T15:57:01Z
       
       0 likes, 0 repeats
       
       @julienxx @paulgatling IME aside from one solaris bug finger has only helped me break into systems when there&#39;s been other issues (e.g. finger exposes a uid and path while NFS exports /home across a network).Having said that it&#39;s useful for OS fingerprinting and mapping out a target.
       
 (DIR) Post #A2hLXq9qMJkWBCYp7o by paulgatling@bsd.network
       2020-12-29T16:00:49Z
       
       0 likes, 0 repeats
       
       @julienxxYes!  This is awesome!  I was thinking it would be cool to overload the fingerd server to publish the contents of a file, maybe .finger or something that doesn&#39;t spit out login info and paths.  Super cool stuff!  I see I can run it with a -P and get creative from there I suppose
       
 (DIR) Post #A2hLtOtmO8K00YKNCy by julienxx@fedi.9til.de
       2020-12-29T16:04:45Z
       
       0 likes, 0 repeats
       
       @paulgatling I use efingerd and my nouser file (which is used when no user match on the system) is full of weird entries like:if [ &quot;$3&quot; = &quot;ping&quot; ]; then  echo &quot;PONG!&quot;  ping -c 5 &quot;$2&quot;  exit 0fiit&#39;s really easy to make fun stuff!
       
 (DIR) Post #A2hNLkmMjN09vnwYPA by paulgatling@bsd.network
       2020-12-29T16:21:01Z
       
       0 likes, 0 repeats
       
       @julienxxI&#39;m going to have to check that out, cool stuff!