Telnet - Port 23
Telnet is a network protocol that provides a text-based interface for communication with a remote device. It operates over TCP and allows users to access computers over a network in an unencrypted manner, making it susceptible to various attacks. Due to its inherent security flaws, it is often recommended to use more secure alternatives, such as SSH.
Default Port: 23
Attack Workflow
Basic Information Gathering:
Identify if Telnet is open on the target host:
nmap -p 23 <IP>
A successful response indicates the service is running:
23/tcp open telnet
Enumeration:
Banner Grabbing: You can grab the Telnet banner to gain insights into the service version and possible vulnerabilities.
nc -vn <IP> 23
Nmap Enumeration: Utilize Nmap to gather additional information about the Telnet service:
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
The telnet-ntlm-info.nse script can be used to obtain NTLM information, particularly on Windows machines.
Understanding Telnet Options:
The Telnet protocol allows the negotiation of various options, which can be enumerated using a Telnet client or custom scripts. To check the supported options, you can send specific commands through a Telnet session.
Example commands used to negotiate options during a Telnet session:
DO <option>
DON'T <option>
WILL <option>
WON'T <option>
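As an added example (not from the original page), this Python decoder shows how the four verbs appear on the wire: each is a three-byte sequence of IAC (255), the verb, and the option code, per RFC 854. The sample capture is constructed, and the option-name table is a partial subset chosen for illustration.

```python
# Telnet command bytes (RFC 854); option names are a partial, illustrative table.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WON'T", 253: "DO", 254: "DON'T"}
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "NAWS", 32: "TERMINAL-SPEED", 34: "LINEMODE", 39: "NEW-ENVIRON"}


def option_name(code: int) -> str:
    return OPTIONS.get(code, f"option-{code}")


def parse_telnet(stream: bytes):
    """Return (events, text): negotiation events in wire order, plus the
    application data with every IAC sequence stripped out."""
    events, text = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:              # ordinary data byte
            text.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                    # capture ends on a lone IAC
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC = escaped literal 0xFF
            text.append(IAC)
            i += 2
        elif cmd in VERBS or cmd == SB:
            if i + 2 >= n:                # truncated before the option byte
                break
            events.append((VERBS.get(cmd, "SB"), option_name(stream[i + 2])))
            i += 3
            if cmd == SB:                 # skip parameters up to IAC SE
                while i + 1 < n and not (stream[i] == IAC and stream[i + 1] == SE):
                    i += 2 if stream[i] == IAC else 1
                i += 2
        else:                             # two-byte commands such as NOP or GA
            i += 2
    return events, bytes(text)


# Constructed sample: negotiation bytes a server might send before its prompt.
SAMPLE = bytes([255, 253, 24, 255, 251, 1, 255, 251, 3,
                255, 250, 24, 1, 255, 240]) + b"login: "

if __name__ == "__main__":
    events, text = parse_telnet(SAMPLE)
    for verb, option in events:
        print(f"{verb:6} {option}")
```

Run against a packet capture payload, the event list shows which options a server offers or requests before authentication, all of it readable in cleartext.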
Brute Forcing Credentials:
If the Telnet service requires authentication, you may perform a brute force attack using tools like Hydra or Medusa:
hydra -l <username> -P <password-list> telnet://<IP>
Checking Configuration Files:
Review common configuration files for Telnet:
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
These files may contain options or access controls that can be exploited.