Telnet 23 - 2323

Telnet Banner Grabbing

Using Netcat

nc -vn <target_ip> 23

Using Telnet

telnet <target_ip> 23
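
Reading the raw banner (added example, not part of the original page): the bytes returned by the netcat grab above mix Telnet option negotiation (IAC sequences) with the readable banner text, and this Python sketch separates the two. The SAMPLE bytes and the "router login:" banner are constructed for illustration; option names are a subset of the IANA Telnet Options registry.

```python
# Added example: split a raw Telnet banner into option negotiation and text.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Subset of the IANA Telnet Options registry.
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "NAWS", 37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON"}

# Constructed sample: four negotiation commands followed by a login prompt.
SAMPLE = bytes([255, 253, 24, 255, 251, 1, 255, 251, 3, 255, 253, 38]) \
    + b"\r\nrouter login: "


def parse_banner(raw: bytes):
    """Return (negotiation, text): 'VERB OPTION' strings and the banner text."""
    negotiation, text = [], bytearray()
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b != IAC:                          # ordinary data byte
            text.append(b)
            i += 1
        elif i + 1 >= n:                      # truncated: lone IAC at the end
            break
        elif raw[i + 1] == IAC:               # IAC IAC is an escaped 0xFF data byte
            text.append(IAC)
            i += 2
        elif raw[i + 1] in VERBS:             # WILL / WONT / DO / DONT <option>
            if i + 2 >= n:                    # truncated: verb without option
                break
            opt = raw[i + 2]
            negotiation.append(f"{VERBS[raw[i + 1]]} {OPTIONS.get(opt, opt)}")
            i += 3
        elif raw[i + 1] == SB:                # subnegotiation runs until IAC SE
            # Simplified: an escaped IAC IAC inside the SB data is not handled.
            end = raw.find(bytes([IAC, SE]), i + 2)
            if end == -1:                     # truncated subnegotiation
                break
            opt = raw[i + 2] if i + 2 < end else None
            negotiation.append(f"SB {OPTIONS.get(opt, opt)}")
            i = end + 2
        else:                                 # other two-byte command (NOP, GA, ...)
            i += 2
    return negotiation, text.decode("latin-1").strip()


if __name__ == "__main__":
    opts, banner = parse_banner(SAMPLE)
    print("negotiation:", opts)
    print("banner text:", repr(banner))
```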

Telnet Enumeration

Nmap Enumeration

nmap -n -sV -Pn --script "telnet* and safe" -p 23 <target_ip>

Common Alternative Port for IoT Devices

  • Check Port 2323:

    nmap -p 2323 <target_ip>

Metasploit Enumeration

Automated Telnet Scanning with Metasploit

Run these commands sequentially for thorough checks:

msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_version;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'

msfconsole -q -x '
use auxiliary/scanner/telnet/brocade_enable_login;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'

msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_encrypt_overflow;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'

msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_ruggedcom;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'

Brute Forcing Telnet

Hydra Brute Force

sudo hydra -L users.txt -P rockyou.txt <target_ip> telnet -V

Post-Enumeration Checks

  • Default Credentials: Look for default Telnet credentials for IoT or networking devices (e.g., Default Credentials Cheat Sheet).

  • Verify if Telnet allows root login: Banner information or login attempts might reveal this.

  • Test for Vulnerabilities:

    • Weak encryption methods in Telnet sessions.

    • Unauthenticated or improperly configured Telnet services.


Notes

  • Telnet is inherently insecure because credentials and session data are transmitted in plaintext. Secure systems often disable Telnet in favor of SSH.

  • If Telnet access is gained, check for privilege escalation paths or potential lateral movement opportunities.
