Disclaimer
The license for all Phenoelit tools can be found here.
Introduction
I'll keep this short:
TeeNet is just for the completeness of our collection. We use it and it works - but as you know, the Telnet protocol is not the fastest kind of communication. But Cisco likes it, Ascent likes it and therefore we use it ...
Just start it if you know an account on the target system (not needed for Cisco) and hope that the stupid admin selected a password from your wordlist ;-)
How it works
The standard call is:
./tn -a root -w wordlist.txt -h target.company.com
but this is not the best way to run it.
Use the timeout switches and the pattern declarations for better tuning:
- -a
Username (account) for your attack. You don't need this for Cisco.
- -w
The wordlist. This one is required.
- -h
Hostname or IP address of your target host.
- -u
UNIX mode. This means you need a username and a password to log in. This is the default.
- -c
Cisco mode. Not only for Cisco routers. Use this for all systems where you are prompted for a password (and NOT for a username).
- -v
Be verbose, but do not display the received data ...
- -V
Display all sent and received data.
- -t
Timeout for data transfer (the seconds part). You will mostly set this to 0; the default is 5.
- -T
Timeout for data transfer (the usec part). Try different values for this. On a LAN you should start with 100000 or 80000. Maybe you can use lower values, or you may have to use higher values ...
- -L
Login pattern. This one is used to identify the "login:" prompt. If you are prompted differently (like "username:"), use this switch (e.g. -L 'sername:').
- -P
Password pattern. The same story as -L, but for the password part ...
- -S
Shell pattern. How does TeeNet identify a successful login? When this pattern matches. You should use this every time. A good idea is -S '>' or -S 'from'.
Tips
First tip: If you have the possibility to crack other passwords - do it. Telnet is slow and not that stable!
Use the timeouts. The longer your timeout, the more time each try takes, but the telnet daemon is not loaded as heavily. Smaller timeouts are good in LAN environments, but you may experience connection problems ...
If you are not sure about the login pattern, use the -V switch and look at the output in your terminal. It may be that TeeNet finds the password and you miss it.