Telnet – port 23

Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Enumeration

Nmap scripts

ls -la /usr/share/nmap/scripts/telnet*
/usr/share/nmap/scripts/telnet-brute.nse
/usr/share/nmap/scripts/telnet-encryption.nse
/usr/share/nmap/scripts/telnet-ntlm-info.nse
nmap -Pn -p 23 --script "telnet* and not brute" $IP -oA nmap-telnet
nmap -Pn -p 23 --script "telnet* and not brute" --script-args=smbusername=${USER},smbpassword=${PASS} -d $IP -oA nmap-telnet
nmap -Pn -sV -p 23 --script=telnet-brute $IP -oA nmap-telnet-brute

Telnet Client

Connect to server/port

telnet $IP $PORT

Login

Enter the password even if no password prompt is displayed!

telnet -l $USER $IP 23
<password>
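Before the login banner appears, the telnet client silently answers the server's option negotiation (IAC DO/WILL requests). The following added example, not part of the original cheat sheet, parses that negotiation from a captured byte stream: it strips the IAC sequences out of the text, builds the WONT/DONT refusals a minimal client would send back, and logs which options the server asked for (the ENCRYPT option, 38, is the one the telnet-encryption script above checks for). The banner bytes are constructed sample input.

```python
# Added example (not part of the original cheat sheet): a minimal parser for
# Telnet option negotiation (RFC 854/855). A Telnet server usually opens the
# session with IAC DO/WILL requests; a client that refuses every option with
# WONT/DONT still gets a usable plain-text session. POP3 and FTP servers never
# send IAC, which is why the telnet client works as a raw line-oriented TCP
# client against them.
from __future__ import annotations

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
                31: "NAWS", 38: "ENCRYPT"}

# Constructed sample banners (not captured from any real host)
TELNET_BANNER = b"\xff\xfd\x18\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03Welcome\r\nlogin: "
POP3_BANNER = b"+OK POP3 ready\r\n"


def negotiate(data: bytes) -> tuple[bytes, bytes, list[str]]:
    """Split a raw Telnet byte stream into (text, replies, log).

    text    - application data with all negotiation removed
    replies - bytes to send back: every offered option is refused
    log     - human-readable record of what the server asked for
    An incomplete trailing sequence is dropped; a real client would buffer it.
    """
    text, replies, log = bytearray(), bytearray(), []
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            text.append(b)
            i += 1
            continue
        if i + 1 >= len(data):          # IAC with no command byte yet
            break
        cmd = data[i + 1]
        if cmd == IAC:                   # IAC IAC is an escaped literal 0xFF
            text.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= len(data):       # option byte missing
                break
            opt = data[i + 2]
            name = OPTION_NAMES.get(opt, str(opt))
            if cmd == DO:                # server asks us to enable -> refuse
                replies += bytes([IAC, WONT, opt])
                log.append(f"server DO {name} -> client WONT")
            elif cmd == WILL:            # server offers to enable -> refuse
                replies += bytes([IAC, DONT, opt])
                log.append(f"server WILL {name} -> client DONT")
            else:                        # DONT/WONT confirm a disabled state
                log.append(f"server {'DONT' if cmd == DONT else 'WONT'} {name} (no reply needed)")
            i += 3
        elif cmd == SB:                  # skip subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            log.append("server subnegotiation ignored")
            i = end + 2
        else:                            # NOP, GA, ... carry no option byte
            i += 2
    return bytes(text), bytes(replies), log


if __name__ == "__main__":
    for banner in (TELNET_BANNER, POP3_BANNER):
        text, replies, log = negotiate(banner)
        print(text, replies.hex(), log)
```

Run against the POP3 banner the function returns the text unchanged with no replies, which is exactly why the raw telnet client is usable for the POP3 and FTP sessions in the examples below. A full client would accept ECHO and SUPPRESS-GO-AHEAD rather than refusing everything, but refusing is always a valid answer under the RFC.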

Examples

Connect to POP3

IP=x.x.x.x
telnet $IP 110
USER uid       # Log in as "uid"
PASS password  # Substitute your actual password

STAT       # List number of messages, total mailbox size
LIST       # List messages and sizes
RETR n     # Show message n
DELE n     # Mark message n for deletion
RSET       # Undo any changes
QUIT       # Logout (expunges messages if no RSET)
TOP msg n  # Show first n lines of message number msg

Connect to FTP

# http://www.nsftools.com/tips/RawFTP.htm
IP=x.x.x.x
telnet $IP 21
# The server answers with a 220 greeting banner if the port is not blocked

USER anonymous  # Try anonymous login

ABOR - abort a file transfer
CWD  - change the working directory on the server
DELE - delete a remote file
LIST - list remote files
MDTM - return the modification time of a file
MKD  - make a remote directory
NLST - name list of remote directory
PASS - send the password (anonymous servers expect an email address)
PASV - enter passive mode (the client opens the data connection to the server)
PORT - open a data port
PWD  - print working directory
QUIT - terminate the connection to the server
RETR - retrieve a remote file from the server
RMD  - remove a remote directory
RNFR - rename from
RNTO - rename to
SITE - site-specific commands
SIZE - return the size of a file
STOR - store a file on the remote host
TYPE - set transfer type
USER - send username to the FTP server