0

I was playing around on my website and was trying to hack it. I read an article about telnet; the article said to test telnet hostname/ipaddress port.

I used this and I got this back:

Trying 103.211.216.63...
Connected to 103.211.216.63.
Escape character is '^]'.
220-bh-in-20.webhostbox.net ESMTP Exim 4.93 #2 Wed, 03 Feb 2021 13:47:18 +0000 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.

Is it normal or can I hack my website by this?

schroeder
Rohit Arora

2 Answers

1

Is it normal?

Yes

can I actually hack my website by this?

No.

Telnet simply connects to your web server in the same way that a browser would connect to your web server. The difference is that with telnet, you type the request manually, and then telnet displays the underlying text of the response - whereas with a web browser, this happens behind the scenes (although you can view and/or modify the requests and responses using the developer tools in most web browsers).

Therefore, using telnet alone does not enable you to 'hack a website' - unless the site already has some vulnerability, in which case you may be able to exploit the vulnerability using telnet or another tool.

Last but not least, telnet can only be used to connect to a web server via (unencrypted) HTTP (usually on port 80), not (encrypted) HTTPS (usually on port 443). To connect to a web server via HTTPS using a similar text/command based tool, you can use openssl s_client. See https://www.openssl.org/docs/man1.0.2/man1/openssl-s_client.html for more info.

mti2935
  • Well, you ***can*** hack a website using telnet. – schroeder Feb 03 '21 at 15:26
  • @schroeder Yes, but telnet alone is not enough to hack a website - there must be some underlying vulnerability, which you can then exploit using telnet (or any other tool, for that matter, that is capable of opening a socket to the server). It's like saying you can bake bread using water. Yes, that is true, but you also need flour. – mti2935 Feb 03 '21 at 16:26
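An added example, not part of the question or of either answer: the greeting in the question is an SMTP reply in RFC 5321 multi-line form, and the Python below reads it over a plain TCP socket the way telnet does, then parses it to check whether your own server's banner discloses its software version. The function names and the version-matching heuristic are assumptions of this example.

```python
import re
import socket

# Greeting copied from the telnet session in the question (sample input).
SAMPLE = (
    b"220-bh-in-20.webhostbox.net ESMTP Exim 4.93 #2 Wed, 03 Feb 2021 13:47:18 +0000 \r\n"
    b"220-We do not authorize the use of this system to transport unsolicited, \r\n"
    b"220 and/or bulk e-mail.\r\n"
)
REPLY_LINE = re.compile(r"^(\d{3})([ -]?)(.*)$")
# Heuristic chosen for this example: a word followed by a dotted version number.
SOFTWARE = re.compile(r"\b([A-Za-z][\w-]*)[ /](\d+(?:\.\d+)+)")
FINAL_LINE = re.compile(rb"(?m)^\d{3}(?: [^\r\n]*)?\r\n")


def fetch_greeting(host, port=25, timeout=10.0):
    """Return the bytes telnet would show on connect (an SMTP server speaks first)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        buf = b""
        while not FINAL_LINE.search(buf) and len(buf) < 8192:
            chunk = sock.recv(1024)
            if not chunk:  # peer closed before finishing the greeting
                break
            buf += chunk
        return buf


def parse_greeting(raw):
    """Parse an RFC 5321 reply: 'NNN-text' continuation lines, 'NNN text' last line."""
    code, texts = None, []
    for line in raw.decode("ascii", "replace").splitlines():
        m = REPLY_LINE.match(line)
        if not m or (code and m.group(1) != code):
            raise ValueError(f"not a valid SMTP reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3).strip())
        if m.group(2) != "-":  # a space (or nothing) marks the last line
            break
    else:
        raise ValueError("reply is truncated: no final line seen")
    host, _, rest = texts[0].partition(" ")
    sw = SOFTWARE.search(rest)  # look for the version only after the hostname
    return {"code": code, "host": host, "text": texts,
            "software": sw.group(1) if sw else None,
            "version": sw.group(2) if sw else None}


if __name__ == "__main__":
    info = parse_greeting(SAMPLE)
    print(info["code"], info["host"], info["software"], info["version"])
    if info["version"]:
        print("banner discloses the exact server version to any client that connects")
```

On Exim the greeting text is controlled by the smtp_banner main configuration option, so the version string can be dropped from it.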
0

Telnet clients can be used in 2 different modes. When connected to a true telnet server (usually on port 23), it uses the TELNET protocol defined by RFC 854 and is used as a remote terminal program.

In any other case, it just (almost(*)) transparently transmits every character given locally to the remote, and displays locally every character sent from the remote.

It is not a dangerous tool per se, but it can be used to bypass any control made by well-behaved clients, and because of that it is often seen as a hacker tool. In fact, it is highly used by developers and admins to manually test various servers. It was intended to be a simple remote terminal program before being superseded by ssh for that use, because the latter allows for encrypted exchange, while telnet assumed the network to be secure and transmitted everything in clear text. But it is still used as a netcat clone because it is installed by default on most Unix-like systems.


(*) Most telnet clients have an escape character that allows opening a command mode to pass commands to the telnet program.

Serge Ballesta