anotherhadi/blog
1
Fork 0
mirror of https://github.com/anotherhadi/blog.git synced 2026-05-20 05:32:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Init telnet

Browse Source 
Signed-off-by: Hadi <hadi@example.com>
This commit is contained in:
Hadi
2026-05-04 14:11:03 +02:00
parent d6d410a2fa
commit 4f64ccf706
1 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/content/notes/network/telnet.md
+52
View File
@@ -0,0 +1,52 @@
---
title: "Telnet"
description: "Enumeration, exploitation and post-exploitation techniques for Telnet servers."
tags: ["telnet", "network", "service"]
publishDate: 2026-05-04
---
## Overview
Telnet runs on **port 23** and transmits all data (including credentials) in **cleartext**.
Common on embedded devices, legacy systems, routers, and IoT equipment.
## Enumeration
### Banner grabbing
```bash
nc -nv $IP 23
telnet $IP
```
The banner often reveals the OS, hostname, or device type.
### Nmap
```bash
nmap -sV -p 23 $IP
nmap -p 23 --script telnet-* $IP
```
Key scripts:
- `telnet-ntlm-info`: extracts NTLM info (Windows targets)
- `telnet-brute`: brute-force credentials
## Connect
```bash
telnet $IP
telnet $IP 23
```
Login with `user` / `password`. Session is fully interactive once authenticated.
## Brute Force
```bash
hydra -l $user -P /usr/share/wordlists/rockyou.txt telnet://$IP
medusa -h $IP -u $user -P /usr/share/wordlists/rockyou.txt -M telnet
```
Try default credentials first. Routers and embedded devices commonly ship with `admin:admin`, `root:root`, or blank passwords.