Using Finger to Enumerate *nix Systems

The following is an example of how to use the finger command on remote as well as local *nix systems for enumeration. This is a powerful command that can be used to collect information from a remote system.

Boot the system into Linux from the BackTrack DVD and enter “startx” at the command prompt. Open the Konsole shell and enter “man finger”. Go through the manual; the spacebar scrolls through the document. Use Ctrl+Z to exit the document reader when finished with it.

Enter “finger root” and notice that the output shows the logon name, the directory in which the root account is presently located, the shell in use at the time, and the date on which the root account logged in to the system.

To look for any remote *nix systems that may be running fingerd, enter “finger Follow the hints provided by fingerd, such as the ways to further narrow down the query in question. Different remote addresses may be experimented with here. Even universities of the calibre of Harvey Mudd, MIT, Carnegie have had fingerd listening on their systems. They may even have it listening now, but that has to be checked. An Internet search can be used to come up with other .edu domains to try with the finger command and, if the command works, to see whether any users are logged on. A known email address can also be used with the finger command to see if any response is returned.

To see who is behind an account name or ID, the information provided by the finger command can be used to do an Internet search. Even the professional background of such people can be found using this technique. But it should be kept in mind that such identification may be damaging to the owner/admin identified.
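
For the administrator's side of the point about fingerd listening, this added example (not part of the original article) checks whether a host you manage has finger enabled in inetd or xinetd configuration or listening on TCP port 79. The function names, the default paths and the sample stanza are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: find out whether a finger daemon is enabled or listening
# on a host you administer, so it can be switched off if it is not needed.

# inetd.conf style: an active entry has "finger" as its first field;
# "#finger ..." is commented out and does not match.
inetd_finger_enabled() {
    [ -r "$1" ] && awk '$1 == "finger" { on = 1 } END { exit !on }' "$1"
}

# xinetd style: a "service finger" stanza counts as enabled unless it
# contains "disable = yes".
xinetd_finger_enabled() {
    [ -r "$1" ] && awk '
        /^[ \t]*#/ { next }
        $1 == "service" && $2 == "finger" { in_svc = 1; off = 0; next }
        in_svc && /^[ \t]*disable[ \t]*=[ \t]*yes/ { off = 1 }
        in_svc && $1 == "}" { in_svc = 0; if (!off) on = 1 }
        END { exit !on }' "$1"
}

# Reads "ss -ltn" or "netstat -ltn" output on stdin. Field 4 is the local
# address in both formats; finger's registered port is TCP 79.
port79_listening() {
    awk '$4 ~ /:79$/ { on = 1 } END { exit !on }'
}

# Returns 0 when nothing is found, 1 when finger is enabled somewhere.
# Arguments override the default paths so copies of the files can be checked.
audit_finger() {
    rc=0
    inetd_finger_enabled "${1:-/etc/inetd.conf}" && { echo "finger enabled in inetd"; rc=1; }
    xinetd_finger_enabled "${2:-/etc/xinetd.d/finger}" && { echo "finger enabled in xinetd"; rc=1; }
    ss -ltn 2>/dev/null | port79_listening && { echo "TCP 79 is listening"; rc=1; }
    [ "$rc" -eq 0 ] && echo "no finger service found"
    return "$rc"
}

# Constructed sample: an xinetd stanza that leaves finger enabled.
sample=$(mktemp)
printf 'service finger\n{\n\tdisable = no\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$sample"
xinetd_finger_enabled "$sample" && echo "sample stanza: finger is enabled"
rm -f "$sample"
```

Calling audit_finger with no arguments checks the default paths on the local host; a non-zero return means finger was found enabled or listening.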