I am pentesting a server, and it appears my ports are open for telnet.
Upon accessing telnet, if I type "help" I only get these commands:
telnet> help
Commands may be abbreviated. Commands are:
close close current connection
logout forcibly logout remote user and close the connection
display display operating parameters
mode try to enter line or character mode ('mode ?' for more)
telnet connect to a site
open connect to a site
quit exit telnet
send transmit special characters ('send ?' for more)
set set operating parameters ('set ?' for more)
unset unset operating parameters ('unset ?' for more)
status print status information
toggle toggle operating parameters ('toggle ?' for more)
slc change state of special charaters ('slc ?' for more)
auth turn on (off) authentication ('auth ?' for more)
z suspend telnet
! invoke a subshell
environ change environment variables ('environ ?' for more)
? print help information
Are these just default commands and the telnet can't really do anything? Or is it a massive hole in a web-server if telnet is open and you can login without a username and password?