# 23 - Pentesting Telnet
{% hint style="success" %}
Learn & practice AWS Hacking:
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: 
[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** π¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** π¦ [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
**μ·¨μ½μ νκ° λ° μΉ¨ν¬ ν
μ€νΈλ₯Ό μν μ¦μ μ¬μ© κ°λ₯ν μ€μ **. 20κ° μ΄μμ λꡬ λ° κΈ°λ₯μ μ¬μ©νμ¬ μ΄λμλ μ 체 μΉ¨ν¬ ν
μ€νΈλ₯Ό μ€ννμΈμ. μ°λ¦¬λ μΉ¨ν¬ ν
μ€ν°λ₯Ό λ체νμ§ μμ΅λλ€ - μ°λ¦¬λ κ·Έλ€μ΄ λ κΉμ΄ νκ³ λ€κ³ , μμ ν°λ¨λ¦¬κ³ , μ¬λ―Έλ₯Ό λλ μ μλλ‘ λ§μΆ€ν λꡬ, νμ§ λ° μ
μ© λͺ¨λμ κ°λ°ν©λλ€.
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
## **κΈ°λ³Έ μ 보**
Telnetμ μ¬μ©μκ° λ€νΈμν¬λ₯Ό ν΅ν΄ μ»΄ν¨ν°μ μ κ·Όν μ μλ μμ νμ§ μμ λ°©λ²μ μ 곡νλ λ€νΈμν¬ νλ‘ν μ½μ
λλ€.
**κΈ°λ³Έ ν¬νΈ:** 23
```
23/tcp open telnet
```
## **μ΄κ±°**
### **λ°°λ μμ§**
```bash
nc -vn 23
```
λͺ¨λ ν₯λ―Έλ‘μ΄ μ΄κ±°λ **nmap**μ μ¬μ©νμ¬ μνν μ μμ΅λλ€:
```bash
nmap -n -sV -Pn --script "*telnet* and safe" -p 23
```
The script `telnet-ntlm-info.nse`λ NTLM μ 보λ₯Ό μ»μ΅λλ€ (Windows λ²μ ).
[telnet RFC](https://datatracker.ietf.org/doc/html/rfc854)μμ: TELNET νλ‘ν μ½μλ μ¬μ©μκ° λ μ κ΅ν (λλ μλ§λ λ¨μν λ€λ₯Έ) κ·μΉ μ§ν©μ μ¬μ©νκΈ°λ‘ λμν μ μλλ‘ "**DO, DON'T, WILL, WON'T**" ꡬ쑰μ ν¨κ» μ¬μ©λ μ μλ λ€μν "**μ΅μ
**"μ΄ μμ΅λλ€. μ΄λ¬ν μ΅μ
μλ λ¬Έμ μ§ν© λ³κ²½, μμ½ λͺ¨λ λ³κ²½ λ±μ΄ ν¬ν¨λ μ μμ΅λλ€.
**μ΄ μ΅μ
μ μ΄κ±°νλ κ²μ΄ κ°λ₯νλ€λ κ²μ μκ³ μμ§λ§, λ°©λ²μ λͺ¨λ₯΄λ―λ‘ μλ κ²½μ° μλ €μ£ΌμΈμ.**
### [Brute force](../generic-methodologies-and-resources/brute-force.md#telnet)
## Config file
```bash
/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet
```
## HackTricks μλ λͺ
λ Ή
```
Protocol_Name: Telnet #Protocol Abbreviation if there is one.
Port_Number: 23 #Comma separated if there is more than one.
Protocol_Description: Telnet #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip
https://book.hacktricks.xyz/pentesting/pentesting-telnet
Entry_2:
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23
Entry_3:
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}
Entry_4:
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'
```
**μ·¨μ½μ νκ° λ° μΉ¨ν¬ ν
μ€νΈλ₯Ό μν μ¦μ μ¬μ© κ°λ₯ν μ€μ **. 20κ° μ΄μμ λꡬμ κΈ°λ₯μ μ¬μ©νμ¬ μ΄λμλ μ 체 μΉ¨ν¬ ν
μ€νΈλ₯Ό μ€ννμΈμ. μ°λ¦¬λ μΉ¨ν¬ ν
μ€ν°λ₯Ό λ체νμ§ μμ΅λλ€ - κ·Έλ€μ΄ λ κΉμ΄ νκ³ λ€κ³ , μμ ν°λ¨λ¦¬κ³ , μ¬λ―Έλ₯Ό λλ μ μλλ‘ λ§μΆ€ν λꡬ, νμ§ λ° μ
μ© λͺ¨λμ κ°λ°ν©λλ€.
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
{% hint style="success" %}
AWS ν΄νΉ λ°°μ°κΈ° λ° μ°μ΅νκΈ°:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
GCP ν΄νΉ λ°°μ°κΈ° λ° μ°μ΅νκΈ°: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
HackTricks μ§μνκΈ°
* [**ꡬλ
κ³ν**](https://github.com/sponsors/carlospolop) νμΈνκΈ°!
* **π¬ [**Discord κ·Έλ£Ή**](https://discord.gg/hRep4RUj7f) λλ [**ν
λ κ·Έλ¨ κ·Έλ£Ή**](https://t.me/peass)μ μ°Έμ¬νκ±°λ **Twitter** π¦ [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**λ₯Ό νλ‘μ°νμΈμ.**
* **[**HackTricks**](https://github.com/carlospolop/hacktricks) λ° [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) κΉνλΈ λ¦¬ν¬μ§ν 리μ PRμ μ μΆνμ¬ ν΄νΉ νμ 곡μ νμΈμ.**
{% endhint %}