
Module 06: Network Penetration Testing Methodology-Internal /3

Written By AKADEMY on Wednesday, July 3, 2019 | 11:15 AM

Exercise 3: Enumerating Logged on Users Using Finger Protocol

Scenario

The Finger service displays information such as currently logged-on users (if any), email address, full name, etc.
During a penetration test, the initial task of a pentester is to enumerate user information such as usernames, email addresses, etc.
In this lab, you are going to learn how to enumerate user information using the finger client.
Lab Duration: 15 Minutes
  1. Click Red Hat Enterprise Linux Subnet D.
    Type Admin in the Username field, password in the Password field and press Enter.
  2. On successful login, the Red Hat Enterprise Linux CentOS desktop appears.
    We are logging into the machine since Finger enumerates only the logged-on users.
  3. Click Kali Linux (External Network).
    If the Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
  4. Type root in the Username field and click Next.
  5. Type toor in the Password field and click Sign In.
  6. In this lab, we are going to target the IP address 172.20.20.25 (Red Hat Enterprise Linux Subnet D machine) that was discovered during the ping sweep scan in the earlier lab exercises.
    The Finger protocol uses port 79, so, with the CentOS machine as our target, let us perform an Nmap scan on port 79.
    Launch a command line terminal, type nmap -p 79 172.20.20.25 and press Enter.
  7. You will observe that port 79 is open in the Nmap result, meaning the finger service is running on the target machine.
  8. Now, we shall enumerate the logged-on users on the remote machine using the Finger client. Assuming we don't know the logged-on username, type finger @172.20.20.25 and press Enter.
  9. The Finger client returns the logged-in user information such as the login name, name of the user and login time.
  10. Since we found the username, we shall use it to extract additional information such as the name of the user, home directory, login name, and shell.
    Type finger Admin@172.20.20.25 and press Enter.
  11. Alternatively, we can enumerate usernames using the Telnet client by issuing the following command in the command line terminal:
    telnet 172.20.20.25 79
  12. Type Admin and press Enter. This displays the enumerated user information.
  13. To prevent your machine from returning the logged-in user information, it is recommended to disable the finger service on the machine by editing the finger text file located in /etc/xinetd.d.
    This is just a proof of concept to show the reason for the vulnerability, and you are not required to log in to the machine to view the above-mentioned file.
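The mitigation in step 13, as an added example that is not part of the original lab: shell functions that report whether an xinetd service file leaves its service enabled and that set disable = yes in it. The function names and the sample finger file contents are assumptions constructed for illustration; on a real host the functions would be pointed at /etc/xinetd.d.

```shell
#!/bin/sh
# Added example (not from the lab): audit xinetd service files, disable one.

# Print "enabled" or "disabled" for one xinetd service file.
# xinetd runs a service unless its file says "disable = yes".
xinetd_state() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        /^[ \t]*disable[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            state = tolower(v)
        }
        END { print (state == "yes" ? "disabled" : "enabled") }
    ' "$1"
}

# List every service file in a directory with its state.
xinetd_audit() {
    for f in "$1"/*; do
        [ -f "$f" ] && printf '%s %s\n' "$(basename "$f")" "$(xinetd_state "$f")"
    done
    return 0
}

# Force "disable = yes": rewrite the attribute if present, otherwise
# add it just before the closing brace of the service block.
xinetd_disable() {
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*disable[ \t]*=/ { print "\tdisable\t\t= yes"; done = 1; next }
        /^[ \t]*[}]/ && !done   { print "\tdisable\t\t= yes" }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (hypothetical contents, temp directory).
demo_dir=$(mktemp -d)
printf 'service finger\n{\n\tsocket_type\t= stream\n\twait\t\t= no\n\tuser\t\t= nobody\n\tserver\t\t= /usr/sbin/in.fingerd\n\tdisable\t\t= no\n}\n' > "$demo_dir/finger"
xinetd_audit "$demo_dir"            # finger enabled
xinetd_disable "$demo_dir/finger"
xinetd_audit "$demo_dir"            # finger disabled
rm -rf "$demo_dir"
```

After a file under /etc/xinetd.d is changed, xinetd has to reload its configuration before the change takes effect.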
In this lab, you have learned how to enumerate user information using finger client.