mirror of
https://github.com/anotherhadi/blog.git
synced 2026-07-06 16:52:33 +02:00
198112501a
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
1.1 KiB
1.1 KiB
title, description, tags, publishDate
| title | description | tags | publishDate | |||
|---|---|---|---|---|---|---|
| Telnet | Enumeration, exploitation and post-exploitation techniques for Telnet servers. |
|
2026-05-04 |
Telnet runs on port 23 and transmits all data (including credentials) in cleartext. Common on embedded devices, legacy systems, routers, and IoT equipment.
Enumeration
Banner grabbing
nc -nv $IP 23
telnet $IP
The banner often reveals the OS, hostname, or device type.
Nmap
nmap -sV -p 23 $IP
nmap -p 23 --script telnet-* $IP
Key scripts:
telnet-ntlm-info: extracts NTLM info (Windows targets)telnet-brute: brute-force credentials
Connect
telnet $IP
telnet $IP 23
Login with user / password. Session is fully interactive once authenticated.
Brute Force
hydra -l $user -P ~/wordlists/rockyou.txt telnet://$IP
medusa -h $IP -u $user -P ~/wordlists/rockyou.txt -M telnet
Try default credentials first. Routers and embedded devices commonly ship with admin:admin, root:root, or blank passwords.