OSCP Playbook
Search
K
Comment on page

Telnet

SMTP Banner grabbing through telnet

telnet $ip 25
If you received a message code 250,251,252 which means user account is valid.

Nmap enumeration

nmap -p 23 --script=telnet-ntlm-info.nse

Configuration files

/etc/inetd.conf
/etc/xinetd.d/telnet
/etc/xinetd.d/stelnet

BruteForce Attack

hydra -l root -P /root/SecLists/Passwords/10_million_password_list_top_100.txt $ip telnet

Exploitation

  • Gather version numbers
  • Searchsploit
  • Default Creds
  • Creds previously gathered
  • Download the software