2023-08-03 19:12:22 +00:00
# 23 - Telnet渗透测试
2022-04-28 16:01:33 +00:00
< details >
2023-08-03 19:12:22 +00:00
< summary > < a href = "https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology" > < strong > ☁️ HackTricks云 ☁️< / strong > < / a > -< a href = "https://twitter.com/hacktricks_live" > < strong > 🐦 Twitter 🐦< / strong > < / a > - < a href = "https://www.twitch.tv/hacktricks_live/schedule" > < strong > 🎙️ Twitch 🎙️< / strong > < / a > - < a href = "https://www.youtube.com/@hacktricks_LIVE" > < strong > 🎥 Youtube 🎥< / strong > < / a > < / summary >
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
* 你在一家**网络安全公司**工作吗? !
* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组** ](https://discord.gg/hRep4RUj7f )或[**电报群组**](https://t.me/peass)或**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和** [**hacktricks-cloud repo** ](https://github.com/carlospolop/hacktricks-cloud ) **提交PR来分享你的黑客技巧。**
2022-04-28 16:01:33 +00:00
2023-04-30 21:54:03 +00:00
< / details >
2022-04-28 16:01:33 +00:00
2023-06-10 23:31:32 +00:00
< figure > < img src = "../.gitbook/assets/image (1) (1) (2) (4).png" alt = "" > < figcaption > < / figcaption > < / figure >
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
[**DragonJAR Security Conference是一场国际网络安全活动** ](https://www.dragonjarcon.org/ ), , ,
立即在以下链接注册,不要错过这个重要的会议!:
2022-04-28 16:01:33 +00:00
2023-04-30 21:54:03 +00:00
{% embed url="https://www.dragonjarcon.org/" %}
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
## **基本信息**
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
Telnet是一种网络协议,
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
**默认端口:**23
2022-05-01 13:25:53 +00:00
```
2020-07-15 15:43:14 +00:00
23/tcp open telnet
```
2023-08-03 19:12:22 +00:00
### **枚举**
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
#### **获取横幅信息**
2020-07-15 15:43:14 +00:00
```bash
nc -vn < IP > 23
```
2023-08-03 19:12:22 +00:00
所有有趣的枚举都可以通过**nmap**进行执行:
2020-07-15 15:43:14 +00:00
```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 < IP >
```
2023-08-03 19:12:22 +00:00
脚本 `telnet-ntlm-info.nse` 将获取 NTLM 信息(适用于 Windows 版本)。
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
在 TELNET 协议中,有各种 "**选项**",可以通过 "**DO, DON'T, WILL, WON'T**" 结构进行制定,并可用于允许用户和服务器同意使用更复杂(或者可能只是不同)的约定集来进行 TELNET 连接。这些选项可能包括更改字符集、回显模式等(来自 [telnet RFC ](https://tools.ietf.org/html/rfc854 ))
**我知道可以枚举这些选项,但我不知道如何操作,所以如果你知道,请告诉我。**
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
### [暴力破解](../generic-methodologies-and-resources/brute-force.md#telnet)
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
## 配置文件
2020-07-15 15:43:14 +00:00
```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```
2023-08-03 19:12:22 +00:00
## HackTricks 自动命令
### Telnet
Telnet is a network protocol used to establish a remote shell session with a host over the Internet. It is commonly used for remote administration and debugging purposes. However, Telnet is considered insecure because it transmits data in plain text, making it vulnerable to eavesdropping and interception.
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
To automate Telnet commands, you can use the following syntax:
2020-07-15 15:43:14 +00:00
2023-08-03 19:12:22 +00:00
```bash
echo -e "command1\ncommand2\ncommand3" | telnet < host > < port >
```
Replace `<host>` with the target host IP address or domain name, and `<port>` with the target port number.
For example, to automate Telnet commands to a host with IP address `192.168.1.100` on port `23` , you can use the following command:
```bash
echo -e "command1\ncommand2\ncommand3" | telnet 192.168.1.100 23
```
This will send the specified commands (`command1`, `command2` , and `command3` ) to the Telnet server running on the target host.
Keep in mind that Telnet is an insecure protocol, and it is recommended to use more secure alternatives such as SSH whenever possible.
2022-05-01 13:25:53 +00:00
```
2021-08-12 13:37:00 +00:00
Protocol_Name: Telnet #Protocol Abbreviation if there is one.
Port_Number: 23 #Comma separated if there is more than one.
Protocol_Description: Telnet #Protocol Abbreviation Spelled out
2021-08-15 17:54:03 +00:00
Entry_1:
2023-08-03 19:12:22 +00:00
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip
2021-08-15 17:54:03 +00:00
2023-08-03 19:12:22 +00:00
https://book.hacktricks.xyz/pentesting/pentesting-telnet
2021-08-15 17:54:03 +00:00
Entry_2:
2023-08-03 19:12:22 +00:00
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23
2021-08-15 17:54:03 +00:00
Entry_3:
2023-08-03 19:12:22 +00:00
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}
2022-07-01 13:10:24 +00:00
Entry_4:
2023-08-03 19:12:22 +00:00
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' & & msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' & & msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' & & msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'
2021-08-14 09:02:12 +00:00
2023-08-03 19:12:22 +00:00
```
2023-06-10 23:31:32 +00:00
< figure > < img src = "../.gitbook/assets/image (1) (1) (2) (4).png" alt = "" > < figcaption > < / figcaption > < / figure >
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
[**DragonJAR Security Conference是一场国际网络安全活动** ](https://www.dragonjarcon.org/ ), , ,
立即在以下链接注册,不要错过这个重要的会议!:
2022-04-28 16:01:33 +00:00
2023-04-30 21:54:03 +00:00
{% embed url="https://www.dragonjarcon.org/" %}
2022-04-28 16:01:33 +00:00
2023-04-30 21:54:03 +00:00
< details >
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
< summary > < a href = "https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology" > < strong > ☁️ HackTricks云 ☁️< / strong > < / a > -< a href = "https://twitter.com/hacktricks_live" > < strong > 🐦 Twitter 🐦< / strong > < / a > - < a href = "https://www.twitch.tv/hacktricks_live/schedule" > < strong > 🎙️ Twitch 🎙️< / strong > < / a > - < a href = "https://www.youtube.com/@hacktricks_LIVE" > < strong > 🎥 Youtube 🎥< / strong > < / a > < / summary >
2022-04-28 16:01:33 +00:00
2023-08-03 19:12:22 +00:00
* 你在一家**网络安全公司**工作吗? !
* 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品[**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获得[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组** ](https://discord.gg/hRep4RUj7f )或[**电报群组**](https://t.me/peass),或在**Twitter**上**关注**我[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* **通过向**[**hacktricks repo**](https://github.com/carlospolop/hacktricks) **和** [**hacktricks-cloud repo** ](https://github.com/carlospolop/hacktricks-cloud ) **提交PR来分享你的黑客技巧。**
2022-04-28 16:01:33 +00:00
< / details >
