# Telnet - Port 23

{% tabs %}
{% tab title="Support VeryLazyTech 🎉" %}

* Become VeryLazyTech [**member**](https://buymeacoffee.com/verylazytech/membership)**! 🎁**
* **Follow** us on:
  * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.**
  * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.**
  * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.**
* Visit our [**shop** ](https://buymeacoffee.com/verylazytech/extras)for e-books and courses.  📚
* Support us and [**buy me a coffee**](https://buymeacoffee.com/verylazytech)**. ☕**
  {% endtab %}
  {% endtabs %}

Telnet is a network protocol that provides a text-based interface for communication with a remote device. It operates over TCP and allows users to access computers over a network in an unencrypted manner, making it susceptible to various attacks. Due to its inherent security flaws, it is often recommended to use more secure alternatives, such as SSH.

**Default Port:** 23

## Attack Workflow

1. **Basic Information Gathering:**
   * Identify if Telnet is open on the target host:

     ```bash
     nmap -p 23 <IP>
     ```
   * A successful response indicates the service is running:

     ```arduino
     23/tcp open  telnet
     ```
2. **Enumeration:**
   * **Banner Grabbing:** You can grab the Telnet banner to gain insights into the service version and possible vulnerabilities.

     ```bash
     nc -vn <IP> 23
     ```
   * **Nmap Enumeration:** Utilize Nmap to gather additional information about the Telnet service:

     ```bash
     nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
     ```

     The `telnet-ntlm-info.nse` script can be used to obtain NTLM information, particularly on Windows machines.
3. **Understanding Telnet Options:**
   * The Telnet protocol allows the negotiation of various options, which can be enumerated using a Telnet client or custom scripts. To check the supported options, you can send specific commands through a Telnet session.
   * **Example command to negotiate options:** You can start a Telnet session and use the following commands:

     ```vbnet
     DO <option>
     DON'T <option>
     WILL <option>
     WON'T <option>
     ```
4. **Brute Forcing Credentials:**
   * If the Telnet service requires authentication, you may perform a brute force attack using tools like Hydra or Medusa:

     ```bash
     hydra -l <username> -P <password-list> telnet://<IP>
     ```
5. **Checking Configuration Files:**
   * Review common configuration files for Telnet:
     * `/etc/inetd.conf`
     * `/etc/xinetd.d/telnet`
     * `/etc/xinetd.d/stelnet`
   * These files may contain options or access controls that can be exploited.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.verylazytech.com/network-pentesting/telnet-port-23.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.