How can telnet protocols be exploited

The Telnet session between the client and the server is not encrypted. This network attack requires very little expertise and can be performed with network debugging tools that are readily available. Packet sniffing attacks like the above were the underlying reason for developing SSH, and they were the most common security problem on the Internet already in the mids. Today mass monitoring and mass collection of credentials from the Internet by intelligence agencies, criminals, and hackers is routine.

The figure below presents a sample mock attack on an unprotected network protocol such as Telnet. Without encryption the data communications can be read by anyone that has access to the network packet stream. In the figure above the black terminal window is used to run a common network traffic analysis tool tcpdump while the maroon window is used to run a Telnet session to a weather information service.

If no port is indicated, an attempt will be made to connect automatically to port The telnet service provides you with a shell. The port on which this protocol usually runs is port But in this post I will also tell you about the telnet client, the tool that allows direct connection to different protocols. The telnet client is a tool for manually entering the different services running on a machine.

You can use telnet to access any port and check what is there. For example, you can use telnet on port 22 and see the SSH service header, telnet on port 25 and send commands from the SMTP messaging service:. This is also possible with other tools such as netcat, however there is a slight difference that can make trying to connect to a protocol via telnet work while via netcat does not, and vice versa. Below is a server where there is a service on port that nmap has not recognized.

As we can see, this service allows us to execute queries to a database, and we can connect via telnet. Although they are also tools that can be used to make these connections between servers, we see that when we send the help command we do not receive any more response, so we have to abort the session. In my experience it is common for this to happen, so it is a good idea to test the services with different tools during a pentesting session.

To do this we will analyse the traffic with wireshark. As I mentioned before, we can see the traffic in clear thanks to the fact that this protocol is not encrypted. Telnet is a client-server protocol used for the link to port number 23 of Transmission Control Protocol. Using Telnet, you can even test open ports on a remote network.

Telnet is an unencrypted and therefore insecure protocol and we recommend to use SSH over the telnet as it is an encrypted protocol. But still, you should have the understanding of all the protocols and telnet is one of the protocols through which you can connect to the other system in your local network. Telnet Server installation is quite simple. Run the following command with root access in your Ubuntu to install Telnet.

Upon completion of the installation, you can test the Telnet service status by using the following command. And with the output shown in the screenshot, we can observe that the service is active in Ubuntu. Test Telnet Connection from Windows machine. Now we will connect telnet with putty. Enter the IP address of Ubuntu and give port 23 in order to connect with telnet and hit open. As we hit open a new pop up gets open which asks for the Ubuntu username and password and after submitting the right values we are logged in to Ubuntu.

The telnet is installed. Log in to your kali machine and run the following command. To get connected it will ask for the username and password, after providing the right values; you got connected.