Mirrors/hacktricks

Fork 0

mirror of https://github.com/carlospolop/hacktricks synced 2024-11-23 13:13:41 +00:00

Translator workflow 75e8745ba3 Translated to Hindi

2023-11-06 08:38:02 +00:00

14 KiB

Raw Blame History

23 - पेंटेस्टिंग टेलनेट

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

क्या आप साइबर सुरक्षा कंपनी में काम करते हैं? क्या आप अपनी कंपनी को HackTricks में विज्ञापित देखना चाहते हैं? या क्या आपको PEASS की नवीनतम संस्करण या HackTricks को PDF में डाउनलोड करने का उपयोग करने की इच्छा है? सदस्यता योजनाएं की जांच करें!
खोजें The PEASS Family, हमारा विशेष संग्रह NFTs
प्राप्त करें आधिकारिक PEASS & HackTricks swag
शामिल हों 💬 Discord समूह या टेलीग्राम समूह या मुझे Twitter पर फ़ॉलो करें 🐦@carlospolopm.
अपने हैकिंग ट्रिक्स साझा करें और PRs सबमिट करें hacktricks repo और hacktricks-cloud repo को

DragonJAR Security Conference es un evento internacional de ciberseguridad con más de una década que se celebrará el 7 y 8 de septiembre de 2023 en Bogotá, Colombia. Es un evento de gran contenido técnico donde se presentan las últimas investigaciones en español que atrae a hackers e investigadores de todo el mundo.
¡Regístrate ahora en el siguiente enlace y no te pierdas esta gran conferencia!:

{% embed url="https://www.dragonjarcon.org/" %}

मूलभूत जानकारी

टेलनेट एक नेटवर्क प्रोटोकॉल है जो उपयोगकर्ताओं को नेटवर्क के माध्यम से कंप्यूटर तक पहुंचने का एक असुरक्षित तरीका प्रदान करता है।

डिफ़ॉल्ट पोर्ट: 23

23/tcp open  telnet

बैनर ग्रबिंग

nc -vn <IP> 23

सभी रोचक जाँच निर्देशिका nmap द्वारा की जा सकती है:

nmap -n -sV -Pn --script "*telnet* and safe" -p 23 <IP>

स्क्रिप्ट telnet-ntlm-info.nse NTLM जानकारी (Windows संस्करण) प्राप्त करेगा।

टेलनेट प्रोटोकॉल में विभिन्न "विकल्प" होते हैं जो स्वीकृत किए जाएंगे और "DO, DON'T, WILL, WON'T" संरचना के साथ उपयोग किए जा सकते हैं ताकि उपयोगकर्ता और सर्वर अपने टेलनेट कनेक्शन के लिए एक अधिक विस्तृत (या शायद बस अलग) समझौते सेट का उपयोग करने के लिए सहमत हो सकें। ऐसे विकल्पों में चरित्र सेट, इको मोड आदि शामिल हो सकते हैं। (टेलनेट RFC से)
मुझे पता है कि इन विकल्पों की गणना संभव है, लेकिन मुझे नहीं पता कि इसे कैसे करें, इसलिए अगर आपको पता है तो मुझे बताएं।

ब्रूट फोर्स

कॉन्फ़िग फ़ाइल

/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet

HackTricks स्वचालित आदेश

Telnet

Telnet is a network protocol used to establish a remote shell session with a host over the Internet. It is commonly used for remote administration and troubleshooting purposes. However, it is also a common target for hackers due to its lack of security features.

Telnet Banner Grabbing

Banner grabbing is a technique used to gather information about a target system by capturing the banner message that is displayed when connecting to a service. Telnet banner grabbing can provide valuable information about the target system, such as the operating system, version, and other details.

To perform telnet banner grabbing, you can use the following command:

telnet <target_ip> <port>

Replace <target_ip> with the IP address of the target system and <port> with the port number of the telnet service.

Telnet Brute-Force Attack

A brute-force attack is a method of trying all possible combinations of passwords until the correct one is found. Telnet brute-force attacks involve repeatedly attempting to log in to a telnet service using different username and password combinations.

To perform a telnet brute-force attack, you can use the following command:

hydra -l <username> -P <password_list> <target_ip> telnet

Replace <username> with the desired username, <password_list> with the path to a file containing a list of passwords, and <target_ip> with the IP address of the target system.

Telnet Command Injection

Telnet command injection is a vulnerability that allows an attacker to execute arbitrary commands on a target system by injecting malicious commands into a telnet session. This can be exploited if the telnet service does not properly sanitize user input.

To perform a telnet command injection, you can use the following command:

telnet <target_ip> <port>

Once connected, you can try injecting commands by entering them directly into the telnet session.

Telnet Password Sniffing

Telnet password sniffing is a technique used to capture passwords sent over a telnet session. This can be done by intercepting network traffic and analyzing it to extract the passwords.

To perform telnet password sniffing, you can use tools like Wireshark to capture and analyze the network traffic.

Telnet Remote Code Execution

Telnet remote code execution is a vulnerability that allows an attacker to execute arbitrary code on a target system by exploiting a flaw in the telnet service. This can be done by sending specially crafted commands or data to the telnet service.

To perform telnet remote code execution, you need to identify and exploit a specific vulnerability in the telnet service. This typically requires advanced knowledge and expertise in vulnerability research and exploitation techniques.

Telnet Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is a type of attack where an attacker intercepts and alters communication between two parties without their knowledge. Telnet sessions can be vulnerable to MITM attacks if the communication is not encrypted.

To perform a telnet MITM attack, you can use tools like Ettercap or Wireshark to intercept and manipulate the telnet traffic.

Telnet Password Cracking

Telnet password cracking is the process of recovering passwords from a telnet service by using various techniques such as brute-forcing, dictionary attacks, or rainbow table attacks.

To perform telnet password cracking, you can use tools like Hydra or John the Ripper to automate the password recovery process.

Telnet Exploits

There are various known vulnerabilities and exploits for the telnet service. These exploits can be used to gain unauthorized access to a target system or execute arbitrary code.

To find and exploit telnet vulnerabilities, you can search for known exploits in vulnerability databases or use tools like Metasploit to automate the exploitation process.

Telnet Post-Exploitation

Once you have gained access to a target system through telnet, you can perform various post-exploitation activities to further compromise the system or gather information.

Some common post-exploitation activities include privilege escalation, lateral movement, data exfiltration, and maintaining persistence on the target system.

To perform telnet post-exploitation, you can use various tools and techniques depending on your objectives and the target system's configuration.

Protocol_Name: Telnet    #Protocol Abbreviation if there is one.
Port_Number:  23     #Comma separated if there is more than one.
Protocol_Description: Telnet          #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for t=Telnet
Note: |
wireshark to hear creds being passed
tcp.port == 23 and ip.addr != myip

https://book.hacktricks.xyz/pentesting/pentesting-telnet

Entry_2:
Name: Banner Grab
Description: Grab Telnet Banner
Command: nc -vn {IP} 23

Entry_3:
Name: Nmap with scripts
Description: Run nmap scripts for telnet
Command: nmap -n -sV -Pn --script "*telnet*" -p 23 {IP}

Entry_4:
Name: consoleless mfs enumeration
Description: Telnet enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/brocade_enable_login; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_encrypt_overflow; set RHOSTS {IP}; set RPORT 23; run; exit' && msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_ruggedcom; set RHOSTS {IP}; set RPORT 23; run; exit'

ड्रैगनजार सुरक्षा सम्मेलन एक अंतर्राष्ट्रीय साइबर सुरक्षा कार्यक्रम है, जो 7 और 8 सितंबर 2023 को कोलंबिया के बोगोटा में आयोजित होगा। यह एक तकनीकी भरपूर सामग्री वाला कार्यक्रम है जहां स्पेनिश में नवीनतम शोध प्रस्तुत किए जाते हैं और यह दुनिया भर के हैकर्स और शोधकर्ताओं को आकर्षित करता है।
इस महान सम्मेलन को न छोड़ें, अब नीचे दिए गए लिंक पर रजिस्टर करें!: