# 113 - Pentesting Ident

<details>

<summary><strong>从零开始学习 AWS 黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS 红队专家）</strong></a><strong>！</strong></summary>

支持 HackTricks 的其他方式：

* 如果您想看到您的**公司在 HackTricks 中做广告**或**下载 PDF 版的 HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)
* 探索[**PEASS 家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或在 **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)\*\* 上关注\*\*我们。
* 通过向 [**HackTricks**](https://github.com/carlospolop/hacktricks) 和 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github 仓库提交 PR 来分享您的黑客技巧。

</details>

<figure><img src="/files/se5N2OCbiHd0PbneketN" alt=""><figcaption></figcaption></figure>

使用 [**Trickest**](https://trickest.com/?utm_campaign=hacktrics\&utm_medium=banner\&utm_source=hacktricks) 可以轻松构建和**自动化工作流程**，使用世界上**最先进**的社区工具。\
立即获取访问权限：

{% embed url="<https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks>" %}

## 基本信息

**Ident 协议**用于在**互联网**上将**TCP 连接**与特定用户关联起来。最初设计用于帮助**网络管理**和**安全**，它通过允许服务器在端口 113 上查询客户端来请求有关特定 TCP 连接用户的信息。

然而，由于现代隐私问题和潜在的滥用可能性，其使用已减少，因为它可能无意中向未经授权的方提供用户信息。建议采取增强的安全措施，如加密连接和严格的访问控制，以减轻这些风险。

\*\*默认端口：\*\*113

```
PORT    STATE SERVICE
113/tcp open  ident
```

## **枚举**

### **手动 - 获取用户/识别服务**

如果一台机器正在运行 ident 和 samba 服务（445 端口），而你通过 43218 端口连接到 samba。你可以通过以下方式获取运行 samba 服务的用户：

![](/files/MsIVUb4QsVSdWevCqAF9)

如果你连接到服务时只是按下回车键：

![](/files/pQahuCvbCp6Avq80ekN1)

其他错误：

![](/files/8d55bd6Ip8zI8tU9Okms)

### Nmap

默认情况下（\`-sC\`），nmap 将识别每个运行端口的每个用户：

```
PORT    STATE SERVICE     VERSION
22/tcp  open  ssh         OpenSSH 4.3p2 Debian 9 (protocol 2.0)
|_auth-owners: root
| ssh-hostkey:
|   1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
|_  2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
113/tcp open  ident
|_auth-owners: identd
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
|_auth-owners: root
445/tcp open  netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
|_auth-owners: root
```

### Ident-user-enum

[**Ident-user-enum**](https://github.com/pentestmonkey/ident-user-enum) 是一个简单的 PERL 脚本，用于查询 ident 服务（113/TCP），以确定目标系统上每个 TCP 端口监听的进程所有者。收集到的用户名列表可用于对其他网络服务进行密码猜测攻击。可以使用 `apt install ident-user-enum` 进行安装。

```
root@kali:/opt/local/recon/192.168.1.100# ident-user-enum 192.168.1.100 22 113 139 445
ident-user-enum v1.0 ( http://pentestmonkey.net/tools/ident-user-enum )

192.168.1.100:22  root
192.168.1.100:113 identd
192.168.1.100:139 root
192.168.1.100:445 root
```

### Shodan

* `oident`

## Files

identd.conf

<figure><img src="/files/PcmnOBrpXxCjYC5y3bif" alt=""><figcaption></figcaption></figure>

使用[**Trickest**](https://trickest.com/?utm_campaign=hacktrics\&utm_medium=banner\&utm_source=hacktricks)轻松构建和**自动化**由全球**最先进**的社区工具驱动的工作流。\
立即获取访问权限：

{% embed url="<https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks>" %}

## HackTricks自动命令

```
Protocol_Name: Ident    #Protocol Abbreviation if there is one.
Port_Number:  113     #Comma separated if there is more than one.
Protocol_Description: Identification Protocol         #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for Ident
Note: |
The Ident Protocol is used over the Internet to associate a TCP connection with a specific user. Originally designed to aid in network management and security, it operates by allowing a server to query a client on port 113 to request information about the user of a particular TCP connection.

https://book.hacktricks.xyz/pentesting/113-pentesting-ident

Entry_2:
Name: Enum Users
Description: Enumerate Users
Note: apt install ident-user-enum    ident-user-enum {IP} 22 23 139 445 (try all open ports)
```

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索我们的独家\[**NFTs**]收藏品(<https://opensea.io/collection/the-peass-family>)
* **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hacktricks.xsx.tw/network-services-pentesting/113-pentesting-ident.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.