Ident
aka identd, auth
The Identification Protocol on 113 returns the username that owns a given TCP connection. Query it against other open services to map which OS account runs each one — a quick user list.
Ports
| Port | Proto | Notes |
|---|---|---|
113 | tcp | ident / auth |
Fingerprint
- nmap auth-owners populates the owner of other open ports
- Responds to 'port,port' queries with USERID
Exploitation primitives
- Ask ident which user owns each open service → ties services to accounts
- ident-user-enum scripts this across all open ports (build a user list)
- Knowing a service runs as root vs a low-priv user guides exploitation
Overview
Ident on 113 answers “which user owns connection X?”. Point it at a host’s other open ports and it tells you the account behind each service.
Enumeration
nmap, auto-filling owners for open ports:
nmap -p113 --script auth-owners <TARGET>Map every open service to its user:
ident-user-enum.pl <TARGET> 22 80 110 143Hardening
Disable identd — it leaks account names and serves no modern purpose.