Port 23 – Telnet

How to enumerate port 23 (Telnet)


Telnet protocol considered insecure because it doesn’t encrypt data. The protocol is old and is affected by various Code-Execution vulnerabilities, might be worth checking exploit-db.com for that.

Brute force Telnet with Nmap:

nmap -p 23 --script telnet-brute --script-args userdb=/usr/share/metasploit-framework/data/wordlists/unix_users,passdb=/usr/share/wordlists/rockyou.txt,telnet-brute.timeout=20s

Brute force with Metasploit:

use auxiliary/scanner/telnet/telnet_login
msf auxiliary(telnet_login) > set BLANK_PASSWORDS false
msf auxiliary(telnet_login) > set PASS_FILE passwords.txt
PASS_FILE => passwords.txt
msf auxiliary(telnet_login) > set RHOSTS
msf auxiliary(telnet_login) > set THREADS 254
THREADS => 254
msf auxiliary(telnet_login) > set USER_FILE users.txt
USER_FILE => users.txt
msf auxiliary(telnet_login) > set VERBOSE false
VERBOSE => false
msf auxiliary(telnet_login) > run

Brute force with Hydra:

hydra -l root -P /root/SecLists/Passwords/10_million_password_list_top_100.txt telnet

Detect Telnet version:

use auxiliary/scanner/telnet/telnet_version
msf auxiliary(telnet_version) > set RHOSTS
msf auxiliary(telnet_version) > set THREADS 254
THREADS => 254
msf auxiliary(telnet_version) > run


Leave A Reply

Your email address will not be published.