-- Released as open source by NCC Group Plc - http://www.nccgroup.com/
-- OpenSSH Username enumeration
-- Developed by Ed Williams <Ed.Williams@nccgroup.com>
-- https://github.com/nccgroup/fat-finger
-- This program is free software: you can redistribute it and/or modify
-- it under the terms of the GNU Affero General Public License as
-- published by the Free Software Foundation, either version 3 of the
-- License, or (at your option) any later version.
-- You should have received a copy of the GNU Affero General Public License
-- along with this program (in the LICENSE file). If not, see
-- <http://www.gnu.org/licenses/>.
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
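-- Script metadata read by the Nmap Scripting Engine (shown in script help
-- output and used to select scripts by category).
description = [[
Extends the original finger.nse and attempts to enumerate current logged on users through a full match of the username and a partial match of the GECOS field in /etc/passwd
]]
author = "Ed Williams"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- NOTE(review): membership in "default" means the script is part of the set
-- run by -sC / -A. The action in this file sends a fixed list of candidate
-- account names to the finger service rather than an empty query, so the
-- lookups can show up in the target's logs; confirm that "default" and
-- "safe" are the intended categories for that behaviour.
categories = {"default", "discovery", "safe"}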
---
-- @output
-- PORT STATE SERVICE
-- 79/tcp open finger
-- | fat-finger: finger: admin: no such user.
-- | finger: unix: no such user.
-- | finger: dba: no such user.
-- | finger: oracle: no such user.
-- | finger: sybase: no such user.
-- | finger: ingres: no such user.
-- | finger: db: no such user.
-- | finger: help: no such user.
-- | finger: IT: no such user.
-- | finger: test: no such user.
-- | Login: root Name: root
-- | Directory: /root Shell: /bin/bash
-- | Last login Thu Nov 26 16:05 2009 (GMT) on pts/1 from 192.168.226.1
-- | No mail.
-- | No Plan.
-- |
-- | Login: mysql Name: MySQL Server
-- | Directory: /var/lib/mysql Shell: /bin/false
-- | Never logged in.
-- | No mail.
-- | No Plan.
-- |
-- | Login: ftp Name: ftp daemon
-- | Directory: /srv/ftp Shell: /bin/false
-- | Never logged in.
-- | No mail.
-- | No Plan.
-- |
-- | Login: hplip Name: HPLIP system user
-- | Directory: /var/run/hplip Shell: /bin/false
-- | Never logged in.
-- | No mail.
-- | No Plan.
-- |
-- | Login: gnats Name: Gnats Bug-Reporting System (admin)
-- | Directory: /var/lib/gnats Shell: /bin/sh
-- | Never logged in.
-- | No mail.
-- |_No Plan.
-- Run against TCP/UDP port 79 or any port whose detected service name is
-- "finger"; the list form is equivalent to passing the bare values.
portrule = shortport.port_or_service({79}, {"finger"})
--- Query the finger service with a fixed list of common account names.
-- All candidate names are sent on a single request line; whatever the
-- daemon answers (bounded by the options given to comm.exchange) becomes
-- the script output.
-- @param host Host table supplied by NSE.
-- @param port Port table supplied by NSE; its protocol field selects the transport.
-- @return The value passed through by the try wrapper for the exchange,
--         presumably the response text from the service.
-- NOTE(review): the reply is returned exactly as received from the remote
-- service, with no filtering or escaping; treat the script output as
-- untrusted data when it is parsed or displayed by other tooling.
action = function(host, port)
  -- If the exchange reports failure, the try wrapper stops the script
  -- instead of returning partial output.
  local guard = nmap.new_try()
  local query = "root admin system unix dba oracle mysql sybase ingres db ftp help IT user test\r\n"
  local exchange_opts = {lines=100, proto=port.protocol, timeout=5000}
  return guard(comm.exchange(host, port, query, exchange_opts))
end