23 - Telnet
Theory
Telnet is a legacy protocol for opening a remote command-line session on a host over TCP port 23, much as SSH does. Unlike SSH, Telnet communication is not secure: it is transmitted in cleartext. The protocol was commonly used on legacy networking devices and on Windows operating systems as well. These days it is rarely enabled in companies, but it still exists, and a server administrator can enable it at any time.
These are the common weaknesses in Telnet:
Login credentials are sent in cleartext.
Command‐line text is not encrypted.
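Both weaknesses are visible in the bytes on the wire. The following is an added example, not part of the original page: it separates Telnet option negotiation (the IAC sequences of RFC 854) from application data in a constructed client-to-server byte string. What remains is the login and the command line as typed, with no decoding step needed. The function name, sample bytes, user name and password are made up for illustration.

```python
# Added example: split one direction of a Telnet stream (RFC 854) into
# option negotiation and application data. All sample bytes are constructed.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

# Constructed capture: IAC WILL TERMINAL-TYPE (option 24), a TERMINAL-TYPE
# subnegotiation carrying "xterm", then what the user typed.
SAMPLE = (b"\xff\xfb\x18" + b"\xff\xfa\x18\x00xterm\xff\xf0"
          + b"demo-user\r\ndemo-password\r\nuname -a\r\n")


def split_telnet_stream(raw):
    """Return (data, negotiations); data is the unencrypted session text."""
    data, negotiations, i = bytearray(), [], 0
    while i < len(raw):
        if raw[i] != IAC:              # ordinary data byte
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):          # capture ends on a lone IAC
            break
        cmd = raw[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:             # IAC <WILL|WONT|DO|DONT> <option>
            if i + 2 >= len(raw):
                break
            negotiations.append((VERBS[cmd], raw[i + 2]))
            i += 3
        elif cmd == SB:                # IAC SB <option> ... IAC SE
            if i + 2 >= len(raw):
                break
            j = i + 3
            while j + 1 < len(raw) and not (raw[j] == IAC and raw[j + 1] == SE):
                j += 2 if raw[j] == IAC else 1   # step over escaped IAC IAC
            if j + 1 >= len(raw):      # subnegotiation truncated in capture
                break
            negotiations.append(("SB", raw[i + 2]))
            i = j + 2
        else:                          # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(data), negotiations


if __name__ == "__main__":
    text, opts = split_telnet_stream(SAMPLE)
    print(opts)
    print(text.decode("ascii", "replace"))
```

The same input over SSH would yield only ciphertext after the key exchange, which is why replacing or disabling Telnet is the fix rather than hardening it.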
Exploitation Scenarios for Telnet Server
Credentials brute‐force
Sniffing for cleartext credentials
Sniffing for unencrypted command lines
Finding a public exploit associated with the target Telnet server version
Enumeration Workflow
Basic service scan using Nmap
Advanced scripting scan using Nmap
Brute‐forcing credentials using Hydra
Practical
Service Scan
NSE Scan
Brute Force
Hydra