From a network security perspective, one would hope that Telnet would no longer be in use as everything, including credentials is passed in the clear but the fact is, you will still frequently encounter systems running Telnet, particularly on legacy systems. The telnet_version auxiliary module will scan a subnet and fingerprint any Telnet servers that are running. We just need to pass a range of IPs to the module, set our THREADS value, and let it fly.
msf > use auxiliary/scanner/telnet/telnet_version msf auxiliary(telnet_version) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- PASSWORD no The password for the specified username RHOSTS yes The target address range or CIDR identifier RPORT 23 yes The target port THREADS 1 yes The number of concurrent threads TIMEOUT 30 yes Timeout for the Telnet probe USERNAME no The username to authenticate as msf auxiliary(telnet_version) > set RHOSTS 192.168.1.0/24 RHOSTS => 192.168.1.0/24 msf auxiliary(telnet_version) > set THREADS 254 THREADS => 254 msf auxiliary(telnet_version) > run [*] 192.168.1.2:23 TELNET (GSM7224) \x0aUser: [*] 192.168.1.56:23 TELNET Ubuntu 8.04\x0ametasploitable login: [*] 192.168.1.116:23 TELNET Welcome to GoodTech Systems Telnet Server for Windows NT/2000/XP (Evaluation Copy)\x0a\x0a(C) Copyright 1996-2002 GoodTech Systems, Inc.\x0a\x0a\x0aLogin username: [*] Scanned 254 of 256 hosts (099% complete) [*] Scanned 255 of 256 hosts (099% complete) [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(telnet_version) >
0 Comments:
Post a Comment