Telnet 23 - 2323
Telnet Banner Grabbing
Using Netcat
nc -vn <target_ip> 23
Using Telnet
telnet <target_ip> 23
Telnet Enumeration
Nmap Enumeration
nmap -n -sV -Pn --script "telnet* and safe" -p 23 <target_ip>
Common Alternative Port for IoT Devices
Check Port 2323:
nmap -p 2323 <target_ip>
Metasploit Enumeration
Automated Telnet Scanning with Metasploit
Run these commands sequentially for thorough checks:
msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_version;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'
msfconsole -q -x '
use auxiliary/scanner/telnet/brocade_enable_login;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'
msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_encrypt_overflow;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'
msfconsole -q -x '
use auxiliary/scanner/telnet/telnet_ruggedcom;
set RHOSTS <target_ip>;
set RPORT 23;
run; exit'
Brute Forcing Telnet
Hydra Brute Force
sudo hydra -L users.txt -P rockyou.txt <target_ip> telnet -V
Post-Enumeration Checks
Default Credentials: Look for default Telnet credentials for IoT or networking devices (e.g., Default Credentials Cheat Sheet).
Verify if Telnet allows root login: Banner information or login attempts might reveal this.
Test for Vulnerabilities:
Weak encryption methods in Telnet sessions.
Unauthenticated or improperly configured Telnet services.
Notes
Telnet is inherently insecure due to plaintext transmission. Secure systems often disable Telnet in favor of SSH.
If Telnet access is gained, check for privilege escalation paths or potential lateral movement opportunities.
Last updated