hacktricks/network-services-pentesting/pentesting-telnet.md

# 23 - Kupima Usalama wa Telnet

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

<figure><img src="../.gitbook/assets/image (2) (1) (1).png" alt=""><figcaption></figcaption></figure>

**Usanidi wa papo hapo wa upimaji wa udhaifu & kupenyeza**. Tekeleza ukaguzi kamili wa usalama kutoka mahali popote na zana & vipengele zaidi ya 20 vinavyoanzia uchunguzi hadi ripoti. Hatuchukui nafasi ya wapima usalama - tunaendeleza zana za desturi, moduli za ugunduzi & uchomaji ili kuwarudishia muda wa kuchimba kwa kina, kuzindua mizizi, na kufurahi.

{% embed url="https://pentest-tools.com/" %}

## **Taarifa Msingi**

Telnet ni itifaki ya mtandao inayowapa watumiaji njia isiyo salama ya kufikia kompyuta kupitia mtandao.

**Bandari ya chaguo:** 23
```
23/tcp open  telnet
```
## **Uthibitisho**

### **Kukamata Bango**
```bash
nc -vn <IP> 23
```
Unaweza kufanya uchunguzi wa kuvutia kwa kutumia **nmap**:
```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
```
Mipango `telnet-ntlm-info.nse` itapata habari za NTLM (toleo la Windows).

Kutoka kwenye [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): Katika Itifaki ya TELNET kuna "**chaguo**" mbalimbali ambazo zitaruhusiwa na zinaweza kutumika na muundo wa "**DO, DON'T, WILL, WON'T**" kuruhusu mtumiaji na seva kukubaliana kutumia seti ya mazungumzo yenye utata zaidi (au labda tofauti tu) kwa muunganisho wao wa TELNET. Chaguo kama hilo linaweza kujumuisha kubadilisha seti ya wahusika, mode ya kielelezo, n.k.

**Najua inawezekana kuchunguza chaguo hizi lakini sijui jinsi, hivyo nijulishe kama unajua jinsi.**

### [Kuvunja nguvu](../generic-methodologies-and-resources/brute-force.md#telnet)

## Faili ya Mipangilio
```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```
## Amri za Kiotomatiki za HackTricks
```
Protocol_Name: Telnet    #Protocol Abbreviation if there is one.
Port_Number:  23     #Comma separated if there is more than one.
Protocol_Description: Telnet          #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip

https://book.hacktricks.xyz/pentesting/pentesting-telnet

Entry_2:
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23

Entry_3:
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}

Entry_4:
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'

```
<figure><img src="../.gitbook/assets/image (2) (1) (1).png" alt=""><figcaption></figcaption></figure>

**Mipangilio inapatikana mara moja kwa tathmini ya udhaifu na upenyezaji**. Tekeleza pentest kamili kutoka popote ukiwa na zana na vipengele zaidi ya 20 vinavyoanzia uchunguzi hadi ripoti. Hatuchukui nafasi ya wapimaji wa pentest - tuna
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`# 23 - Kupima Usalama wa Telnet`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
arte 2024-01-02 18:28:27 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA USAJILI](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GITBOOK-3884: change request with no subject merged in GitBook 2023-04-30 21:54:03 +00:00			`</details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`<figure><img src="../.gitbook/assets/image (2) (1) (1).png" alt=""><figcaption></figcaption></figure>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`Usanidi wa papo hapo wa upimaji wa udhaifu & kupenyeza. Tekeleza ukaguzi kamili wa usalama kutoka mahali popote na zana & vipengele zaidi ya 20 vinavyoanzia uchunguzi hadi ripoti. Hatuchukui nafasi ya wapima usalama - tunaendeleza zana za desturi, moduli za ugunduzi & uchomaji ili kuwarudishia muda wa kuchimba kwa kina, kuzindua mizizi, na kufurahi.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
pentest-tools 2024-01-11 13:23:18 +00:00			`{% embed url="https://pentest-tools.com/" %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Taarifa Msingi`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`Telnet ni itifaki ya mtandao inayowapa watumiaji njia isiyo salama ya kufikia kompyuta kupitia mtandao.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`Bandari ya chaguo: 23`
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`23/tcp open telnet`
			```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`## Uthibitisho`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`### Kukamata Bango`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nc -vn <IP> 23`
			```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`Unaweza kufanya uchunguzi wa kuvutia kwa kutumia nmap:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nmap -n -sV -Pn --script "telnet and safe" -p 23 <IP>`
			```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			Mipango `telnet-ntlm-info.nse` itapata habari za NTLM (toleo la Windows).
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`Kutoka kwenye [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): Katika Itifaki ya TELNET kuna "chaguo" mbalimbali ambazo zitaruhusiwa na zinaweza kutumika na muundo wa "DO, DON'T, WILL, WON'T" kuruhusu mtumiaji na seva kukubaliana kutumia seti ya mazungumzo yenye utata zaidi (au labda tofauti tu) kwa muunganisho wao wa TELNET. Chaguo kama hilo linaweza kujumuisha kubadilisha seti ya wahusika, mode ya kielelezo, n.k.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-17 16:40:00 +00:00			`Najua inawezekana kuchunguza chaguo hizi lakini sijui jinsi, hivyo nijulishe kama unajua jinsi.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`### [Kuvunja nguvu](../generic-methodologies-and-resources/brute-force.md#telnet)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`## Faili ya Mipangilio`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`/etc/inetd.conf`
			`/etc/xinetd.d/telnet`
			`/etc/xinetd.d/stelnet`
			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Amri za Kiotomatiki za HackTricks`
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			```
HAC telnet 2021-08-12 13:37:00 +00:00			`Protocol_Name: Telnet #Protocol Abbreviation if there is one.`
			`Port_Number: 23 #Comma separated if there is more than one.`
			`Protocol_Description: Telnet #Protocol Abbreviation Spelled out`

23 Yaml 2021-08-15 17:54:03 +00:00			`Entry_1:`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Name: Notes`
			`Description: Notes for t=Telnet`
			`Note: \|`
			`wireshark to hear creds being passed`
			`tcp.port == 23 and ip.addr != myip`
23 Yaml 2021-08-15 17:54:03 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`https://book.hacktricks.xyz/pentesting/pentesting-telnet`
23 Yaml 2021-08-15 17:54:03 +00:00
			`Entry_2:`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Name: Banner Grab`
			`Description: Grab Telnet Banner`
			`Command: nc -vn {IP} 23`
23 Yaml 2021-08-15 17:54:03 +00:00
			`Entry_3:`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Name: Nmap with scripts`
			`Description: Run nmap scripts for telnet`
			`Command: nmap -n -sV -Pn --script "telnet" -p 23 {IP}`

TireFire Telnet Syntax Update TireFire Telnet Syntax Update 2022-07-01 13:10:24 +00:00			`Entry_4:`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Name: consoleless mfs enumeration`
			`Description: Telnet enumeration without the need to run msfconsole`
			`Note: sourced from https://github.com/carlospolop/legion`
			`Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'`
GitBook: [master] 7 pages and 16 assets modified 2021-08-14 09:02:12 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`<figure><img src="../.gitbook/assets/image (2) (1) (1).png" alt=""><figcaption></figcaption></figure>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat 2024-03-29 21:14:28 +00:00			`Mipangilio inapatikana mara moja kwa tathmini ya udhaifu na upenyezaji. Tekeleza pentest kamili kutoka popote ukiwa na zana na vipengele zaidi ya 20 vinavyoanzia uchunguzi hadi ripoti. Hatuchukui nafasi ya wapimaji wa pentest - tuna`