hacktricks/network-services-pentesting/pentesting-telnet.md

# 23 - Pentesting Telnet

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>

#### Get a hacker's perspective on your web apps, network, and cloud

**Trova e segnala vulnerabilità critiche e sfruttabili con un impatto reale sul business.** Usa i nostri oltre 20 strumenti personalizzati per mappare la superficie di attacco, trovare problemi di sicurezza che ti permettano di elevare i privilegi e utilizzare exploit automatizzati per raccogliere prove essenziali, trasformando il tuo duro lavoro in report persuasivi.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

## **Informazioni di base**

Telnet è un protocollo di rete che offre agli utenti un modo NON sicuro per accedere a un computer tramite una rete.

**Porta predefinita:** 23
```
23/tcp open  telnet
```
## **Enumerazione**

### **Acquisizione del Banner**
```bash
nc -vn <IP> 23
```
Tutta l'enumerazione interessante può essere eseguita da **nmap**:
```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
```
Lo script `telnet-ntlm-info.nse` otterrà informazioni NTLM (versioni di Windows).

Dalla [RFC telnet](https://datatracker.ietf.org/doc/html/rfc854): Nel Protocollo TELNET ci sono varie "**opzioni**" che saranno sanzionate e possono essere utilizzate con la struttura "**DO, DON'T, WILL, WON'T**" per consentire a un utente e a un server di concordare l'uso di un insieme più elaborato (o forse semplicemente diverso) di convenzioni per la loro connessione TELNET. Tali opzioni potrebbero includere la modifica del set di caratteri, la modalità di eco, ecc.

**So che è possibile enumerare queste opzioni ma non so come, quindi fammi sapere se sai come.**

### [Brute force](../generic-methodologies-and-resources/brute-force.md#telnet)

## Config file
```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```
## HackTricks Comandi Automatici
```
Protocol_Name: Telnet    #Protocol Abbreviation if there is one.
Port_Number:  23     #Comma separated if there is more than one.
Protocol_Description: Telnet          #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip

https://book.hacktricks.xyz/pentesting/pentesting-telnet

Entry_2:
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23

Entry_3:
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}

Entry_4:
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'

```
<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>

#### Ottieni la prospettiva di un hacker sulle tue app web, rete e cloud

**Trova e segnala vulnerabilità critiche ed exploitabili con un impatto reale sul business.** Usa i nostri oltre 20 strumenti personalizzati per mappare la superficie di attacco, trovare problemi di sicurezza che ti permettano di elevare i privilegi e utilizzare exploit automatizzati per raccogliere prove essenziali, trasformando il tuo duro lavoro in report persuasivi.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

{% hint style="success" %}
Impara e pratica AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Supporta HackTricks</summary>

* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos su github.

</details>
{% endhint %}
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								# 23 - Pentesting Telnet
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								{% hint style="success" %}
 								Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								<summary>Support HackTricks</summary>
-												arte

											
										
										
											2024-01-02 19:28:27 +01:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
 								* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-3884: change request with no subject merged in GitBook

											
										
										
											2023-04-30 21:54:03 +00:00
+								</details>
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								{% endhint %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['network-services-pentesting/512-pentesting-rexec.md', 'netw

											
										
										
											2024-08-04 15:18:56 +00:00
+								<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'binary-exploitation/format-strings/README.md',

											
										
										
											2024-11-09 13:26:13 +00:00
+								#### Get a hacker's perspective on your web apps, network, and cloud
 								**Trova e segnala vulnerabilità critiche e sfruttabili con un impatto reale sul business.** Usa i nostri oltre 20 strumenti personalizzati per mappare la superficie di attacco, trovare problemi di sicurezza che ti permettano di elevare i privilegi e utilizzare exploit automatizzati per raccogliere prove essenziali, trasformando il tuo duro lavoro in report persuasivi.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'network-services-pentesting/512-pentesting-rex

											
										
										
											2024-07-29 09:26:42 +00:00
+								{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:09:41 +00:00
+								## **Informazioni di base**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Telnet è un protocollo di rete che offre agli utenti un modo NON sicuro per accedere a un computer tramite una rete.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								**Porta predefinita:** 23
-												GitBook: [#3160] No subject

											
										
										
											2022-05-01 13:25:53 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+/tcp open  telnet
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-03-17 16:26:31 +00:00
+								## **Enumerazione**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								### **Acquisizione del Banner**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								nc -vn <IP> 23
 								```
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								Tutta l'enumerazione interessante può essere eseguita da **nmap**:
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
 								```
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								Lo script `telnet-ntlm-info.nse` otterrà informazioni NTLM (versioni di Windows).
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/format-strings/README.md',

											
										
										
											2024-11-09 13:26:13 +00:00
+								Dalla [RFC telnet](https://datatracker.ietf.org/doc/html/rfc854): Nel Protocollo TELNET ci sono varie "**opzioni**" che saranno sanzionate e possono essere utilizzate con la struttura "**DO, DON'T, WILL, WON'T**" per consentire a un utente e a un server di concordare l'uso di un insieme più elaborato (o forse semplicemente diverso) di convenzioni per la loro connessione TELNET. Tali opzioni potrebbero includere la modifica del set di caratteri, la modalità di eco, ecc.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'binary-exploitation/format-strings/README.md',

											
										
										
											2024-11-09 13:26:13 +00:00
+								**So che è possibile enumerare queste opzioni ma non so come, quindi fammi sapere se sai come.**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								### [Brute force](../generic-methodologies-and-resources/brute-force.md#telnet)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								## Config file
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								/etc/inetd.conf
 								/etc/xinetd.d/telnet
 								/etc/xinetd.d/stelnet
 								```
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								## HackTricks Comandi Automatici
-												GitBook: [#3160] No subject

											
										
										
											2022-05-01 13:25:53 +00:00
+								```
-												HAC telnet
											
										
										
											2021-08-12 09:37:00 -04:00
+								Protocol_Name: Telnet    #Protocol Abbreviation if there is one.
 								Port_Number:  23     #Comma separated if there is more than one.
 								Protocol_Description: Telnet          #Protocol Abbreviation Spelled out
-Yaml
											
										
										
											2021-08-15 13:54:03 -04:00
+								Entry_1:
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Name: Notes
 								Description: Notes for t=Telnet
 								Note: |
 								wireshark to hear creds being passed
 								tcp.port == 23 and ip.addr != myip
-Yaml
											
										
										
											2021-08-15 13:54:03 -04:00
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								https://book.hacktricks.xyz/pentesting/pentesting-telnet
-Yaml
											
										
										
											2021-08-15 13:54:03 -04:00
 								Entry_2:
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Name: Banner Grab
 								Description: Grab Telnet Banner
 								Command: nc -vn {IP} 23
-Yaml
											
										
										
											2021-08-15 13:54:03 -04:00
 								Entry_3:
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Name: Nmap with scripts
 								Description: Run nmap scripts for telnet
 								Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}
-												TireFire Telnet Syntax Update

TireFire Telnet Syntax Update
											
										
										
											2022-07-01 09:10:24 -04:00
+								Entry_4:
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Name: consoleless mfs enumeration
 								Description: Telnet enumeration without the need to run msfconsole
 								Note: sourced from https://github.com/carlospolop/legion
 								Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'
-												GitBook: [master] 7 pages and 16 assets modified
											
										
										
											2021-08-14 09:02:12 +00:00
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								```
-												Translated ['network-services-pentesting/512-pentesting-rexec.md', 'netw

											
										
										
											2024-08-04 15:18:56 +00:00
+								<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'binary-exploitation/format-strings/README.md',

											
										
										
											2024-11-09 13:26:13 +00:00
+								#### Ottieni la prospettiva di un hacker sulle tue app web, rete e cloud
 								**Trova e segnala vulnerabilità critiche ed exploitabili con un impatto reale sul business.** Usa i nostri oltre 20 strumenti personalizzati per mappare la superficie di attacco, trovare problemi di sicurezza che ti permettano di elevare i privilegi e utilizzare exploit automatizzati per raccogliere prove essenziali, trasformando il tuo duro lavoro in report persuasivi.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'network-services-pentesting/512-pentesting-rex

											
										
										
											2024-07-29 09:26:42 +00:00
+								{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								{% hint style="success" %}
-												Translated ['README.md', 'binary-exploitation/format-strings/README.md',

											
										
										
											2024-11-09 13:26:13 +00:00
+								Impara e pratica AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Impara e pratica GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								<summary>Supporta HackTricks</summary>
-												arte

											
										
										
											2024-01-02 19:28:27 +01:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
 								* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
-												Translated ['network-services-pentesting/512-pentesting-rexec.md', 'netw

											
										
										
											2024-08-04 15:18:56 +00:00
+								* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos su github.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 11:34:23 +00:00
+								{% endhint %}