# 23 - Pentesting Telnet
## **Basic Information**

Telnet is a network protocol that gives users an unencrypted way to access a computer over a network.

**Default port:** 23

```
23/tcp open telnet
```

### **Banner Grabbing**

Banner grabbing is the process of probing a Telnet service to extract useful information from its initial banner. The initial banner is the welcome message that the Telnet service sends when a client connects to the Telnet server.

Banner grabbing can be done with tools such as `telnet`, `nc`, or `nmap`. Usually you grab the banner by probing port 23, which is the standard Telnet port.

Doing so can reveal useful information such as the software version, the operating system, and other details that may matter for later stages of the pentest.

```bash
nc -vn <IP> 23
```

All the interesting enumeration can be performed with **nmap**:

```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>
```

The script `telnet-ntlm-info.nse` will obtain NTLM info (Windows versions).

From the [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): In the TELNET Protocol there are various "**options**" that will be sanctioned and may be used with the "**DO, DON'T, WILL, WON'T**" structure to allow a user and server to agree to use a more elaborate (or perhaps just different) set of conventions for their TELNET connection. Such options could include changing the character set, the echo mode, etc.

**I know it is common to enumerate these options, but I don't know how to do it, so let me know if you know how.**

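Enumerating these options comes down to reading the IAC negotiation bytes a server sends ahead of its banner. The following is an added example, not part of the original page: it decodes a constructed capture according to RFC 854/855, and `parse_telnet`, `offers_encryption` and the sample bytes are illustrative names and data.

```python
# Added example: decode Telnet option negotiation (RFC 854/855) offline.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTIONS = {  # subset of the IANA Telnet option registry
    0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 5: "STATUS",
    24: "TERMINAL-TYPE", 31: "NAWS", 32: "TERMINAL-SPEED",
    33: "REMOTE-FLOW-CONTROL", 34: "LINEMODE", 35: "X-DISPLAY-LOCATION",
    37: "AUTHENTICATION", 38: "ENCRYPT", 39: "NEW-ENVIRON",
}

def parse_telnet(data: bytes):
    """Return (negotiations, banner_text) for the bytes a server sent first.
    negotiations holds (verb, option) tuples; an IAC SB ... IAC SE block is
    reported as ("SB", option). Truncated sequences end parsing cleanly."""
    negs, text, i, n = [], bytearray(), 0, len(data)
    while i < n:
        if data[i] != IAC:                 # ordinary data byte
            text.append(data[i]); i += 1
            continue
        if i + 1 >= n:                     # lone IAC at end of capture
            break
        cmd = data[i + 1]
        if cmd == IAC:                     # IAC IAC = literal 0xFF data byte
            text.append(IAC); i += 2
        elif cmd in VERBS or cmd == SB:
            if i + 2 >= n:                 # option byte missing
                break
            opt = data[i + 2]
            negs.append((VERBS.get(cmd, "SB"), OPTIONS.get(opt, f"UNKNOWN-{opt}")))
            i += 3
            if cmd == SB:                  # skip parameters up to IAC SE
                while i + 1 < n and data[i:i + 2] != bytes([IAC, SE]):
                    i += 2 if data[i] == IAC else 1
                i += 2
        else:                              # NOP, GA and other 2-byte commands
            i += 2
    return negs, text.decode("latin-1")

def offers_encryption(negs):
    """True if the server negotiated the ENCRYPT option (DO or WILL)."""
    return any(v in ("DO", "WILL") and o == "ENCRYPT" for v, o in negs)

# Constructed capture: four negotiations, one subnegotiation, then a banner.
SAMPLE = bytes([255, 253, 24, 255, 253, 32, 255, 251, 1, 255, 251, 3,
                255, 250, 24, 1, 255, 240]) + b"Example OS 1.0\r\nlogin: "

if __name__ == "__main__":
    negs, banner = parse_telnet(SAMPLE)
    print(negs, repr(banner), "encryption offered:", offers_encryption(negs))
```

Feed it the first bytes saved from a session you are authorised to inspect (for example a raw `nc` capture) to separate the negotiated options from the printable banner.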
### [Brute force](../generic-methodologies-and-resources/brute-force.md#telnet)

## Config file

```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```

## HackTricks Automatic Commands

The HackTricks tool provides a set of automatic commands that can be used during a penetration test to gather information and exploit vulnerabilities. These commands are designed to automate the process and make it more efficient.
### Telnet
#### Banner Grabbing
To retrieve the banner of a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Replace `<target_ip>` with the IP address of the target and `<port>` with the port number of the Telnet service.
#### Authentication Bypass
To bypass authentication on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, try using default or weak credentials to gain unauthorized access.
#### Command Execution
To execute commands on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can enter commands directly into the Telnet session.
#### Remote Shell
To obtain a remote shell on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can execute commands as if you were on the target system.
#### File Transfer
To transfer files to or from a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use the `put` or `get` commands to transfer files.
#### Port Forwarding
To forward a local port to a remote Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use the `forward` command to set up port forwarding.
#### Tunneling
To create a tunnel to a remote Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use the `tunnel` command to create a tunnel.
#### Proxy
To use a Telnet service as a proxy, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can configure your applications to use the Telnet service as a proxy.
#### Brute Force
To perform a brute force attack on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use a tool like Hydra to automate the brute force attack.
#### Dictionary Attack
To perform a dictionary attack on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use a tool like Medusa to automate the dictionary attack.
#### Denial of Service
To perform a denial of service attack on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use a tool like Slowloris to launch the denial of service attack.
#### Exploitation
To exploit a vulnerability in a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use a tool like Metasploit to exploit the vulnerability.
#### Privilege Escalation
To escalate privileges on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can use various techniques to escalate your privileges.
#### Post-Exploitation
To perform post-exploitation activities on a Telnet service, use the following command:
```bash
telnet <target_ip> <port>
```
Once connected, you can perform actions like lateral movement, data exfiltration, and persistence.
```
Protocol_Name: Telnet #Protocol Abbreviation if there is one.
Port_Number: 23 #Comma separated if there is more than one.
Protocol_Description: Telnet #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for t=Telnet
  Note: |
    wireshark to hear creds being passed
    tcp.port == 23 and ip.addr != myip

    https://book.hacktricks.xyz/pentesting/pentesting-telnet

Entry_2:
  Name: Banner Grab
  Description: Grab Telnet Banner
  Command: nc -vn {IP} 23

Entry_3:
  Name: Nmap with scripts
  Description: Run nmap scripts for telnet
  Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}

Entry_4:
  Name: consoleless mfs enumeration
  Description: Telnet enumeration without the need to run msfconsole
  Note: sourced from https://github.com/carlospolop/legion
  Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'
```