Telnet Service Encyption Key ID Overflow Detection
Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd)
Rank
- Normal
Authors
- Jaime Penalba Estebanez < jpenalbae [at] gmail.com >
- hdm < hdm [at] metasploit.com >
Vulnerability References
Development
Similar Modules
- auxiliary/scanner/telnet/lantronix_telnet_version
- auxiliary/scanner/telnet/telnet_login
- auxiliary/scanner/telnet/telnet_ruggedcom
- auxiliary/scanner/telnet/telnet_version
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow
msf auxiliary(telnet_encrypt_overflow) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(telnet_encrypt_overflow) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/telnet/telnet_encrypt_overflow
msf auxiliary(telnet_encrypt_overflow) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(telnet_encrypt_overflow) > run
Module Options
| PASSWORD | The password for the specified username |
| RHOSTS | The target address range or CIDR identifier |
| RPORT | The target port (default: 23) |
| THREADS | The number of concurrent threads (default: 1) |
| TIMEOUT | Timeout for the Telnet probe (default: 30) |
| USERNAME | The username to authenticate as |
| CHOST | The local client address |
| CPORT | The local client port |
| ConnectTimeout | Maximum number of seconds to establish a TCP connection |
| Proxies | Use a proxy chain |
| SSL | Negotiate SSL for outgoing connections |
| SSLVersion | Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| TelnetBannerTimeout | The number of seconds to wait for the initial banner |
| TelnetTimeout | The number of seconds to wait for a reply from a Telnet command |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| TCP::max_send_size | Maxiumum tcp segment size. (0 = disable) |
| TCP::send_delay | Delays inserted before every send. (0 = disable) |