Enumerating Logged-on Users Using the Finger Protocol
Project details
Introduction
In the realm of cybersecurity, enumeration is a critical step during penetration testing and vulnerability assessments. It involves gathering information about a target system, such as usernames, email addresses, and logged-on users. One of the older protocols used for this purpose is the Finger Protocol, which operates on port 79. This project will guide you through the process of enumerating logged-on users using the Finger Protocol, both from the attacker's and defender's perspectives. By the end of this project, you will understand how to use the Finger Protocol to gather user information and how to secure your systems against such enumeration attempts.
Project Objectives
Understand the Finger Protocol: Learn how the Finger Protocol works and its role in enumerating user information.
Enumerate Logged-on Users: Use tools like Nmap and Finger to enumerate logged-on users on a target machine.
Secure Systems Against Finger Enumeration: Learn how to disable the Finger service to prevent unauthorized access to user information.
Explore Alternative Enumeration Methods: Use Telnet as an alternative method to enumerate user information.
Step-by-Step Guide
1. Setting Up the Environment
Step 1: Log into a Red Hat Enterprise Linux (RHEL) or CentOS machine. This will serve as the target machine for enumeration.
Step 2: Ensure that the Finger service is running on the target machine. You can check this by running:
systemctl status finger
If the service is not running, you can start it using:
sudo systemctl start finger
2. Enumerating Logged-on Users Using Nmap
Step 1: From an attacker's perspective, switch to a Parrot OS or any other penetration testing distribution.
Step 2: Perform a port scan on the target machine (e.g.,
192.168.0.50) to check if port 79 (Finger service) is open:nmap -p 79 192.168.0.50
If port 79 is open, it means the Finger service is running on the target machine.
3. Using the Finger Client to Enumerate Users
Step 1: Use the Finger client to enumerate logged-on users on the target machine:
finger @192.168.0.50
This command will return information about currently logged-on users, including their login names, full names, and login times.
Step 2: To get detailed information about a specific user (e.g.,
Admin), run:finger Admin@192.168.0.50
This will display additional details such as the user's home directory, login shell, and last login time.
4. Enumerating Users Using Telnet
Step 1: As an alternative to the Finger client, you can use Telnet to connect to the Finger service on port 79:
telnet 192.168.0.50 79
Step 2: Once connected, type the username (e.g.,
Admin) and press Enter. The Finger service will return the user's information.
5. Securing the System Against Finger Enumeration
Step 1: To prevent unauthorized access to user information, it is recommended to disable the Finger service on the target machine.
Step 2: Edit the Finger configuration file located at
/etc/xinetd.d/finger:sudo nano /etc/xinetd.d/finger
Step 3: Change the
disableparameter toyes:disable = yes
Step 4: Restart the xinetd service to apply the changes:
sudo systemctl restart xinetdStep 5: Verify that the Finger service is no longer running by performing another Nmap scan:
nmap -p 79 192.168.0.50
Port 79 should now be closed.
Conclusion
In this project, we successfully:
Enumerated logged-on users using the Finger Protocol and tools like Nmap and Telnet.
Gathered detailed user information, including login names, home directories, and login times.
Secured the target system by disabling the Finger service to prevent unauthorized enumeration.
This project highlights the importance of understanding both offensive and defensive techniques in cybersecurity. By following this guide, you can learn how to enumerate user information during penetration testing and how to protect your systems from similar attacks.