2

I am pentesting a server, and it appears my ports are open for telnet.

Upon accessing telnet, if I type "help" I only get these commands:

telnet> help
Commands may be abbreviated.  Commands are:

    close       close current connection
    logout      forcibly logout remote user and close the connection
    display     display operating parameters
    mode        try to enter line or character mode ('mode ?' for more)
    telnet      connect to a site
    open        connect to a site
    quit        exit telnet
    send        transmit special characters ('send ?' for more)
    set         set operating parameters ('set ?' for more)
    unset       unset operating parameters ('unset ?' for more)
    status      print status information
    toggle      toggle operating parameters ('toggle ?' for more)
    slc         change state of special charaters ('slc ?' for more)
    auth        turn on (off) authentication ('auth ?' for more)
    z           suspend telnet
    !           invoke a subshell
    environ     change environment variables ('environ ?' for more)
    ?           print help information

Are these just default commands and the telnet can't really do anything? Or is it a massive hole in a web-server if telnet is open and you can log in without a username and password?

Mark
ddoor
  • That's the telnet help information, it looks somewhat like you've not connected to the server as yet (or it didn't accept your connection) – Rory McCune Nov 16 '14 at 09:13
  • Also, if I type "Open 73.XX.XX.XX" it says "already connected" – ddoor Nov 16 '14 at 10:39
  • Fair enough, if you try just running telnet without opening a connection, I think what you'll see is that typing help returns the same commands, which is why I reckon it's the telnet help you're seeing rather than something on the server... not to say that there aren't other commands you could run which would do something on the server of course – Rory McCune Nov 16 '14 at 10:44
  • You're right, but before I hit the escape character it says it's open :S very strange. – ddoor Nov 16 '14 at 10:47
  • First rule of testing, don't connect to systems without authorisation from the system owner. Also if I was you I'm not sure you should put the IP address in the open like that, you might want to delete/amend that comment :) – Rory McCune Nov 16 '14 at 11:23

1 Answer

3

You're looking at the telnet client, not the telnet server. The telnet client is just a tool which you can use to connect to TCP listeners. If you want to know if your server has telnet open, check it by:

  1. Verify on the server if a telnet daemon is listening on port TCP/23 using tools like ps, netstat and lsof (assuming this is a Linux/UNIX machine)
  2. Test it by connecting to the telnet port TCP/23 from another machine using the telnet client or a tool like nmap
Teun Vink
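One way to carry out step 2 of the answer above against a server you administer, as an added example that is not part of the original answer: it connects to TCP/23 and checks whether the listener opens with telnet option negotiation (IAC bytes, RFC 854) rather than some other service's banner. The function names, verdict strings and sample greetings are assumptions made for illustration, as is the heuristic that a telnet daemon sends its option offers before any client input.

```python
import socket

IAC, SB, SE = 0xFF, 0xFA, 0xF0                      # RFC 854 command bytes
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           31: "NAWS", 32: "TERMINAL-SPEED", 39: "NEW-ENVIRON"}

def parse_negotiation(data: bytes):
    """Split a greeting into telnet option offers and the remaining plain text."""
    offers, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i]); i += 1
            continue
        if i + 1 >= len(data):                      # truncated IAC at end of buffer
            break
        cmd = data[i + 1]
        if cmd in VERBS:
            if i + 2 >= len(data):                  # verb without its option byte
                break
            opt = data[i + 2]
            offers.append((VERBS[cmd], OPTIONS.get(opt, f"option-{opt}")))
            i += 3
        elif cmd == SB:                             # skip subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        elif cmd == IAC:                            # escaped literal 0xFF data byte
            text.append(IAC); i += 2
        else:                                       # other two-byte command (NOP, GA, ...)
            i += 2
    return offers, bytes(text)

def probe(host: str, port: int = 23, timeout: float = 3.0):
    """Return (verdict, offers, text) for a TCP port on a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)
            except socket.timeout:                  # connected, but nothing was sent
                return "open-silent", [], b""
    except OSError:                                 # refused, reset or unreachable
        return "closed-or-filtered", [], b""
    offers, text = parse_negotiation(data)
    return ("telnet" if offers else "open-not-telnet"), offers, text

# Constructed sample greetings (assumed for illustration, not captured from a host)
TELNET_GREETING = b"\xff\xfd\x18\xff\xfd\x20\xff\xfb\x01login: "
OTHER_GREETING = b"SSH-2.0-ExampleServer\r\n"

if __name__ == "__main__":
    print(parse_negotiation(TELNET_GREETING))
    print(probe("127.0.0.1"))
```

A verdict of "open-not-telnet" means something is listening on the port but did not speak the telnet protocol, which is the case where step 1 (ps, netstat, lsof on the server) identifies the process that owns the socket.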