# 113 - Pentesting Ident {{#include ../banners/hacktricks-training.md}} ## 基本信息 **Ident协议**用于通过**互联网**将**TCP连接**与特定用户关联。最初设计用于帮助**网络管理**和**安全**,它通过允许服务器在113端口查询客户端以请求有关特定TCP连接用户的信息来操作。 然而,由于现代隐私问题和潜在的滥用,其使用已减少,因为它可能无意中向未经授权的方泄露用户信息。建议采取增强的安全措施,例如加密连接和严格的访问控制,以减轻这些风险。 **默认端口:** 113 ``` PORT STATE SERVICE 113/tcp open ident ``` ## **枚举** ### **手动 - 获取用户/识别服务** 如果一台机器正在运行服务 ident 和 samba (445),并且你通过端口 43218 连接到 samba。你可以通过以下方式获取正在运行 samba 服务的用户: ![](<../images/image (843).png>) 如果你在连接到服务时只按回车: ![](<../images/image (159).png>) 其他错误: ![](<../images/image (359).png>) ### Nmap 默认情况下(\`-sC\`),nmap 将识别每个运行端口的每个用户: ``` PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3p2 Debian 9 (protocol 2.0) |_auth-owners: root | ssh-hostkey: | 1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA) |_ 2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA) 113/tcp open ident |_auth-owners: identd 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL) |_auth-owners: root 445/tcp open netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL) |_auth-owners: root ``` ### Ident-user-enum [**Ident-user-enum**](https://github.com/pentestmonkey/ident-user-enum) 是一个简单的 PERL 脚本,用于查询 ident 服务 (113/TCP),以确定目标系统上每个 TCP 端口上监听进程的所有者。收集到的用户名列表可以用于对其他网络服务进行密码猜测攻击。可以通过 `apt install ident-user-enum` 安装。 ``` root@kali:/opt/local/recon/192.168.1.100# ident-user-enum 192.168.1.100 22 113 139 445 ident-user-enum v1.0 ( http://pentestmonkey.net/tools/ident-user-enum ) 192.168.1.100:22 root 192.168.1.100:113 identd 192.168.1.100:139 root 192.168.1.100:445 root ``` ### Shodan - `oident` ## 文件 identd.conf ## HackTricks 自动命令 ``` Protocol_Name: Ident #Protocol Abbreviation if there is one. Port_Number: 113 #Comma separated if there is more than one. Protocol_Description: Identification Protocol #Protocol Abbreviation Spelled out Entry_1: Name: Notes Description: Notes for Ident Note: | The Ident Protocol is used over the Internet to associate a TCP connection with a specific user. Originally designed to aid in network management and security, it operates by allowing a server to query a client on port 113 to request information about the user of a particular TCP connection. https://book.hacktricks.xyz/pentesting/113-pentesting-ident Entry_2: Name: Enum Users Description: Enumerate Users Note: apt install ident-user-enum ident-user-enum {IP} 22 23 139 445 (try all open ports) ``` {{#include ../banners/hacktricks-training.md}}