Welcome to TryHackMe Network Services Walkthrough Part 2, oh yeah! Let’s learn, then enumerate and exploit a variety of network services and misconfigurations, second up is telnet. Watch this Network Services Walkthrough for TryHackMe’s room, Part 2 Telnet.

Task 5 Understanding Telnet


  • What is Telnet? application protocol
  • What has slowly replaced Telnet? ssh
  • How would you connect to a Telnet server with the IP on port 23? telnet 23
  • The lack of what, means that all Telnet communication is in plaintext? encryption

Task 6 Enumerating Telnet


  • How many ports are open on the target machine? 1
  • What port is this? 8012
  • This port is unassigned, but still lists the protocol it’s using, what protocol is this? tcp
  • Now re-run the nmap scan, without the -p- tag, how many ports show up as open? 0
  • Based on the title returned to us, what do we think this port could be used for? a backdoor
  • Who could it belong to? Gathering possible usernames is an important step in enumeration. Skidy

Task 7 Exploiting Telnet


  • Great! It’s an open telnet connection! What welcome message do we receive? SKIDY’S BACKDOOR.
  • Let’s try executing some commands, do we get a return on any input we enter into the telnet session? (Y/N) N
  • Now, use the command “ping [local THM ip] -c 1” through the telnet session to see if we’re able to execute system commands. Do we receive any pings? Note, you need to preface this with .RUN (Y/N) Y
  • What word does the generated payload start with? mkfifo
  • What would the command look like for the listening port we selected in our payload? nc -lvp 4444
  • Success! What is the contents of flag.txt? THM{y0u_**********}