23 - Pentesting Telnet

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Mpangilio wa haraka wa tathmini ya udhaifu & upimaji wa penya. Fanya upimaji kamili kutoka mahali popote na zana 20+ & vipengele vinavyotoka kwenye upelelezi hadi ripoti. Hatubadilishi wapimaji wa penya - tunatengeneza zana maalum, moduli za kugundua & kutumia ili kuwapa muda wa kuchimba zaidi, kufungua shells, na kufurahia.

Pentest-Tools.com | 25+ Online Penetration Testing ToolsPentest-Tools.com

Taarifa za Msingi

Telnet ni itifaki ya mtandao inayowapa watumiaji njia isiyo salama ya kufikia kompyuta kupitia mtandao.

Bandari ya kawaida: 23

23/tcp open  telnet

Uhesabu

Kuchukua Bango

nc -vn <IP> 23

Mchanganuo wote wa kuvutia unaweza kufanywa na nmap:

nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>

The script telnet-ntlm-info.nse itapata taarifa za NTLM (matoleo ya Windows).

Kutoka kwenye telnet RFC: Katika Protokali ya TELNET kuna "chaguzi" mbalimbali ambazo zitaidhinishwa na zinaweza kutumika na muundo wa "FANYA, USIFANYE, ITAFANYIKA, HAITAFANYIKA" ili kuruhusu mtumiaji na seva kukubaliana kutumia seti ya makubaliano ya kina (au labda tofauti tu) kwa ajili ya muunganisho wao wa TELNET. Chaguzi kama hizo zinaweza kujumuisha kubadilisha seti ya wahusika, hali ya echo, n.k.

Ninajua inawezekana kuhesabu chaguzi hizi lakini sijui jinsi, hivyo nijulishe kama unajua jinsi.

Brute force

Faili ya usanidi

/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet

HackTricks Amri za Otomatiki

Protocol_Name: Telnet    #Protocol Abbreviation if there is one.
Port_Number:  23     #Comma separated if there is more than one.
Protocol_Description: Telnet          #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip

https://book.hacktricks.xyz/pentesting/pentesting-telnet

Entry_2:
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23

Entry_3:
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}

Entry_4:
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'

Mchakato wa haraka wa kutathmini udhaifu & kupenya. Fanya pentest kamili kutoka mahali popote na zana 20+ & vipengele vinavyotoka kwenye recon hadi ripoti. Hatubadilishi wapimaji wa udhaifu - tunatengeneza zana maalum, moduli za kugundua & kutumia ili kuwapa muda wa kuchimba zaidi, kufungua shells, na kufurahia.

Pentest-Tools.com | 25+ Online Penetration Testing ToolsPentest-Tools.com

Jifunze & fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze & fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud github repos.

Previous22 - Pentesting SSH/SFTP Next25,465,587 - Pentesting SMTP/s

Last updated 7 days ago