EIP-2026-118117

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118117. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates the misuse of Windows' built-in `finger.exe` to bypass security software and establish a C2 channel for file downloads and data exfiltration. It leverages the Finger protocol and port redirection to evade detection by Windows Defender and network security devices.

Description

Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/48815

View Code ZIP pw:eip

This exploit demonstrates the misuse of Windows' built-in `finger.exe` to bypass security software and establish a C2 channel for file downloads and data exfiltration. It leverages the Finger protocol and port redirection to evade detection by Windows Defender and network security devices.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows TCPIP Finger Command (finger.exe)

No auth needed

Prerequisites: Access to a Windows system with `finger.exe` available · Network connectivity to a C2 server · Ability to configure port redirection if default port 79 is blocked

MITRE ATT&CK

T1071 - Application Layer Protocol T1105 - Ingress Tool Transfer T1041 - Exfiltration Over C2 Channel

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software

Exploitation Summary

Description

Exploits (1)

Details