127 lines
4.8 KiB
Markdown
127 lines
4.8 KiB
Markdown
|
|
|
|
<details>
|
|
|
|
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
|
|
|
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
|
|
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
|
|
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
|
|
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
|
|
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
|
|
|
</details>
|
|
|
|
|
|
# Basic Information
|
|
|
|
Is an [Internet](https://en.wikipedia.org/wiki/Internet) [protocol](https://en.wikipedia.org/wiki/Protocol_\(computing\)) that helps identify the user of a particular [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) connection.
|
|
|
|
**Default port:** 113
|
|
|
|
```
|
|
PORT STATE SERVICE
|
|
113/tcp open ident
|
|
```
|
|
|
|
# **Enumeration**
|
|
|
|
## **Manual - Get user/Identify the service**
|
|
|
|
If a machine is running the service ident and samba (445) and you are connected to samba using the port 43218. You can get which user is running the samba service by doing:
|
|
|
|
.png>)
|
|
|
|
If you just press enter when you conenct to the service:
|
|
|
|
.png>)
|
|
|
|
Other errors:
|
|
|
|
.png>)
|
|
|
|
## Nmap
|
|
|
|
By default (-sC) nmap will identify every user of every running port:
|
|
|
|
```
|
|
PORT STATE SERVICE VERSION
|
|
22/tcp open ssh OpenSSH 4.3p2 Debian 9 (protocol 2.0)
|
|
|_auth-owners: root
|
|
| ssh-hostkey:
|
|
| 1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
|
|
|_ 2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
|
|
113/tcp open ident
|
|
|_auth-owners: identd
|
|
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
|
|
|_auth-owners: root
|
|
445/tcp open netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
|
|
|_auth-owners: root
|
|
```
|
|
|
|
## Ident-user-enum
|
|
|
|
Ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. The list of usernames gathered can be used for password guessing attacks on other network services. It can be installed with `apt install ident-user-enum`.
|
|
|
|
```
|
|
root@kali:/opt/local/recon/192.168.1.100# ident-user-enum 192.168.1.100 22 113 139 445
|
|
ident-user-enum v1.0 ( http://pentestmonkey.net/tools/ident-user-enum )
|
|
|
|
192.168.1.100:22 root
|
|
192.168.1.100:113 identd
|
|
192.168.1.100:139 root
|
|
192.168.1.100:445 root
|
|
```
|
|
|
|
## Shodan
|
|
|
|
* `oident`
|
|
|
|
# Files
|
|
|
|
identd.conf
|
|
|
|
# HackTricks Automatic Commands
|
|
|
|
```
|
|
Protocol_Name: Ident #Protocol Abbreviation if there is one.
|
|
Port_Number: 113 #Comma separated if there is more than one.
|
|
Protocol_Description: Identification Protocol #Protocol Abbreviation Spelled out
|
|
|
|
Entry_1:
|
|
Name: Notes
|
|
Description: Notes for Ident
|
|
Note: |
|
|
Is an Internet protocol that helps identify the user of a particular TCP connection.
|
|
|
|
https://book.hacktricks.xyz/pentesting/113-pentesting-ident
|
|
|
|
Entry_2:
|
|
Name: Enum Users
|
|
Description: Enumerate Users
|
|
Note: apt install ident-user-enum ident-user-enum {IP} 22 23 139 445 (try all open ports)
|
|
```
|
|
|
|
|
|
<details>
|
|
|
|
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
|
|
|
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
|
|
Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
|
|
Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
|
|
**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
|
|
**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
|
|
|
</details>
|
|
|
|
|