Introduction: How to Hack Telnet

Picture of How to Hack Telnet

Here is a guide to learn basic hacking techniques. Telnet is the base of most hacking.

This was titled like this to be entered into the Burning Questions Group. I understand it to mean, "How to hack via Telnet," so that's what this instructable is about.

Step 1: Download Stuff

Picture of Download Stuff

The only thing you will need is a port scanner. nmap is a free and powerful port scanner. You can download it for Windows, Mac OSX, or Linux. If possible make sure you install the GUI with it. It comes with the Windows installer.

Step 2: Using Zenmap (nmap's GUI)

Picture of Using Zenmap (nmap's GUI)

It's pretty simple. Open the program and in the "Target" box, type the ip address of the computer you want to hack.

If you don't know the ip address, go to the computer you want to access (I will assume you have the legal rights to whatever you are trying to access), open a command line and type ipconfig. You can try to hack devices too sometimes. Routers and switches sometimes have telnet. Try scanning these too.

Say you want to scan a range of IP addresses, then you would type the beginning IP address followed by (no spaces) a dash ( - ) and the end of the last IP address. For example, if you wanted to scan to then you would type .

In the "Profile" menu of Zenmap, select "Intense scan" if it is not already selected. Click scan and watch as the program scans the computer or device for open ports. Watch the nmap output until you see some words in green. These are the open ports on the computer or device. If port 23 is open, your device is hackable.

Many servers and routers have port 23 open.

If you can't find a device with Telnet enabled, use .

Step 3: Make Sure That You Don't Make Hacking Instructables at School

Picture of Make Sure That You Don't Make Hacking Instructables at School

I started this instructable in the computer lab of the local community college. I soon got a message saying that what I was doing was considered suspicious activity. I think the port scanner is what did it. I wish I could post a picture of the message, but they blocked internet access to my computer. Oh well, I guess I'll finish this at home.

Step 4: Start the Telnet Program

Picture of Start the Telnet Program

Now you can go and download some telnet programs. But whats the point of that? Most operating systems come with telnet built in. For Windows, click Start -> Run (or Windows Key + R) and type telnet in the box. This will open a telnet screen.

Step 5: Start the Connection

Picture of Start the Connection

In the telnet box type "o TheAddressOfTheComputerYouWantToConnectTo PortNumber"
You will want to use the IP address that you found port 23 open on, or the game,
For example, using as our telnet server you would type "o 23".

If you don't type a port number, it will assume you mean 23.

Now hit enter to connect.

Step 6: Play With the Device You Connected To

Picture of Play With the Device You Connected To

Now here is where it will get slightly more difficult for me to explain. The reason this is, is that every device has its own interface from here. Some will need code, and others will take you though its program, step by step. Nethack is a game that you play.

One of the most easy thing to hack via telnet, is a Cisco router. All Cisco routers have a telnet server built in. To learn the Cisco "language" go to this website.

When connected to a Cisco router you will get something similar to the picture below. Type "enable" and you can use the privileged mode. After entering privileged mode, type "config t" to configure the router.

Step 7: Jumping

Picture of Jumping

The way most hackers use telnet to hack, is to telnet one device away from their computer. They use that device to open a connection to somewhere else. They do this several times in different parts of the world to protect their own identity. They like to target homes that do not know they are running a telnet server. They use those because if they do not keep a log of connections, it will be hard for anyone to track them if legal issues became a problem. Hackers can take down big systems using telnet, but most major companies put up protection against these types of attacks.

Let me remind you that while it is not illegal to use telnet on stuff you own or have permission to, it is very illegal to use telnet to harm systems you do not have permission to. This guide was meant as a tool to hack into your own stuff. Many Linksys routers have telnet in them. People use the telnet as a means of making the power sent to the antennas (wireless routers) stronger. This in turn, makes the signal stronger.

PS. The WRT54G is the easily hackable Linksys router.


hq (author)2009-02-10

If you remember what the massage said tell me please.

Mr.Ownage (author)hq2009-06-18

I got it from my school a few weeks ago, that's some serious bullsh*t They said if I dont stop, they'd put me on a list (some sort of black list) and I wouldn't be able to get the programming class next year and I would be banned from any computer lab Frankly, I dont care to be banned, but I gotta take that freaking class if I wanna live later...

wirah (author)Mr.Ownage2010-11-07

Oddly enough, my early days of hacking my school's computer network is the exact reason I own a computer consultancy company today.

Problem with schools are they don't encourage the sort of activity which allows you to think for yourself, and would rather you follow a set and closed path which in most cases, leads nowhere.

I'd get some old computers, build yourself a network, and learn about networking that way. Oh, and use Linux, Windows is not build for this sort of work, and will serve only to get in your way.

adamazing (author)wirah2012-07-25

Problem with schools are they don't encourage the sort of activity which allows you to think for yourself, and would rather you follow a set and closed path which in most cases, leads nowhere.

That's a little disingenuous isn't it? They don't encourage the sort of activity that slows the network down for everyone else and that if successful would lead to the exposure of confidential, private student/staff data. They would rather people with just enough knowledge to be dangerous did not engage in potentially harmful behaviour on their network.  
Mostly, it's probably just annoying them that they have to deal with some idiot kiddy who discovered nmap and has decided to use it on its most agressive settings (WTF?) when they could know...doing the productive parts of their job.
EnricoP11 (author)adamazing2016-05-22

just use tor proxychains ... ;)

thepaul93 (author)Mr.Ownage2009-07-13

thats why you go in the libary with a laptop, crack their internet, then do it

hq (author)Mr.Ownage2009-06-19

So what did the message say?

SyamimS (author)2015-09-17

can i know how to hack facebook account?

Mi-technology (author)2015-05-13

how can i use.. the telnet control the programs on another computer?

dan-ball (author)2009-04-28

When I try to do the scan, it says "dnet: Failed to open device eth5 QUITTING!" What's going on?

cooltronics3200 (author)dan-ball2012-08-14

me too

dunderwood (author)dan-ball2011-03-03

you have to do "Intense scan, all TCP Ports" for it to work properly.

nitendo9 (author)dan-ball2009-08-30

me too

DexHunx (author)nitendo92010-01-17

me too,
has anyone found the reason of this?

adamazing (author)2012-07-25
  1. Don't use telnet, download PuTTY, it's much nicer to use and lets you save connections. It'll also let you connect to SSH. Either that, or download Cygwin to get a Linux-like environment within Windows.
  2. DON'T use nmap if you're sitting in a college/school computer lab signed in under your own username. 
  3. DON'T use nmap on its most agressive settings, especially if you are doing it against a network you don't own or have permission to use it on (in the form of a written contract).  
Ignoring 2 and 3 will lead to you getting caught. Fast. As you discovered.

electronicz (author)2012-05-19

Does the nmap port scanner contain a virus??

abran5 (author)2012-04-23

too bad i can't use the ip address of the computer i'm using

redrhinos7 (author)2012-02-05

does polyscript work?

redrhinos7 (author)2012-02-05

where do you download telnet?

hooohooo (author)2012-01-29

What is port 23 isn't open but others are? How do you go about hacking something then?

account3r2 (author)2012-01-06

I think I purposely left an open, password protected port on my router...

hm38 (author)2011-09-06

This is a guide to finding a telnet server and connecting to it in the hope that it's not got a username or password set. This is not hacking but it does give people just enough information to get into trouble.

If you go around connecting to random unsecured telnet servers with no idea what you are doing you are not going to gain anything.

The best piece of advice you can give is find your System Admin and tell them they have an open telnet service.

Everett_McKinley (author)hm382011-11-28


didgitalpunk (author)2011-07-04

dude this is all great stuff but it left me with some questions.
1 can you hack your way into a server?
2 can you control a pc from another one with telnet?

npm (author)2011-06-13

nvm i found out how

npm (author)2011-06-11

my computer seems not to have a telnet program built in do you know where is can download a good one.

8s.cschreur (author)2011-06-05

You should try to download the software over again. Also, some Devices aren,t hackable via Telnet.

8s.cschreur (author)2011-06-05

Thanks! I got it to work fine!

8s.cschreur (author)2011-06-05

Cool! Thanks for the info.!

MicrosoftEmployee (author)2010-05-26

hey man great tutorial, just what ive been looking for. i was just wondering how exactly do i get into the ive gotten to the point where it asks for a login and all that stuff, but how do i get into the actuaall server?

It won't let me enter a password.

aryankhurana (author)2010-09-11

if you want to create a batch virus goto to take a demo of ultimate virus creator. its a very powerfull tool to create virus.

girrrrrrr2 (author)2008-10-10

i am running this in wine... and when ever i try to start it. where ever there should be words there is a big black mark... any help please?

Tachyon (author)girrrrrrr22008-10-25

Why would you use wine to do this? nmap and telnet are originally native UNIX apps and come with any decent LINUX distro....

girrrrrrr2 (author)Tachyon2008-10-26

is ubuntu a decent distro?

hiroe (author)girrrrrrr22009-04-28

yes, open the command line and type telnet (stuff)

revolutin (author)hiroe2010-03-21

 hello sir i am abbas i am doing b.E final year my project is network security if you free plz teach me

LkArio (author)girrrrrrr22009-08-21

Many people hate it, many people follow it as if it were a religion. You can download nmap/zenmap from Ubuntu's repositories, or at least Debian's.

Prometheus (author)2008-04-26

PS. The WRT54G is the easily hackable Linksys router. Not true for outsiders, if you are smart enough to change permissions and WEP keys. Probably one of the more secure routers you can have unless you have the proper permissions. Hackable internally? yes. Hackable externally? not very easily. An example of my password is "_34ÉñTkG_mXº93_". No matter if you saw it, you'd never be able to enter it properly without months of constant attempts, which I'd eventually be made aware of, but I don't even share it with anyone unless I want them to have it. I'll give you a hint: Those are not underscores in the password, even though they show as such. This instructable is as good for hacking your own equipment as it is for keeping others from doing so. Nice work on the project! A + rating for you.

Arbitror (author)Prometheus2008-11-29

Actually, in the text you entered on instuctables it is technically underscores..

Prometheus (author)Arbitror2008-11-30

"Technically", but that is the default display character for "non-display characters". As I said before, you can try this on my router, and it'll just laugh at your attempts. They show as underscores here because the site itself uses them for characters it cannot display, but are still there. Example:

0xFF = _
Shift "-" = _

I entered those both as two different characters, despite the fact that they appear the same. The example you see above in the previous post is exactly as I intended, and was not a flaw or misinterpretation of punctuation or any other. This is how the security works, by using the other 200-or-so characters NOT used for common text, so that even if they can see them, they can't be sure exactly what the real password is.

GZNG (author)Prometheus2010-02-11

where do you get the en/decoders from?

Arbitror (author)Prometheus2008-11-30

I totally know what your saying, I use the same system for my passwords too. But the underscores that are actually on this website are underscores, and not special symbols. They could be 0xFF, or in another text 0x5F. But on instructables, the physical text on the screen is really an underscore. Try copying and pasting it.

Prometheus (author)Arbitror2008-12-01

That's pretty much what I said, so we agree to agree....Maybe I should have said, "This site -uses- underscores for characters it cannot display".

Kush_Slayer (author)Prometheus2009-02-19

lol wep keys, you can crack them with programs on the internet and i made a program a little while back that can tell you the alt codes for whatever you put into it ☺☻♦♣○

Prometheus (author)Kush_Slayer2009-02-21

You sure? Because I use 8 AND 16-bits to make such passwords, making most any such application worthless. You cannot distinguish just what byte level I have used for sure, even if you got past the internal firewalls, and assuming you could find my router with DHT turned off. Besides, if I see activity that I didn't authorize and is not doubly-confirmed by my firewall or modem in tandem, I can just pull the plug and change the password again later. Even a "brute force" attack with mine would take you weeks to find with DHT enabled. Without DHT, you are completely out of luck. I'm protected simply because I'm not worth all the trouble. BTW, a program that will tell you the "alt-codes" as you call them, is called XVI32, as any common hex-editor. No sense writing one if so many are available for free. Nonetheless, post me a link for it on a file-hosting site, I'd love to have a look at it. I might add it as part of my toolbox if it's functionally-literate with what I want to do with it, and can do so in under 1 Mb total size... ƠŖĐĖř

macle (author)Prometheus2009-11-26

 Um.. Wep was broken the moment it was lauched..

briscuits (author)Prometheus2009-11-25

"We have a "be nice" comment policy. Please be positive and constructive with your comments or risk being banned from our site." Wow, that was a good reminder. Just a FYI, firewalls have absolutely nothing to do with WEP security. Breaking WEP is all about the encryption. I send you a few weak packets, bam. Done. Oh, and if I were to crack your network(which I wouldn't as it is a crime) I would change my MAC to yours, in which case you would never see the difference between my packets and yours. Finding a hotspot with no SSID is incredibly simple with the help of programs like kismet, and it would likely take less than 30 seconds to crack your AP, special characters or not. Check the aircrack-ng main page. Lets all try an upgrade to WPA2 if we want to feel safe, shall we? Just to inform the uninformed world.

Prometheus (author)briscuits2009-11-26

Briscuits, I think you have been watching the movie "Hackers" too long. If you'll take another look, I didn't say anything about firewalls having to do with WEP keys at all. And you could crack it in 30 seconds? Not even Angelina Jolie is that good...

You have 30 seconds to crack my network....GO!

Kush_Slayer (author)Prometheus2009-02-21

nice security then and i made the program that tells you the alt codes one day when i had nothing else to do, also its somewhere in the 50 GBs of stuff on my harddrive so i probably wont be able to find it any time soon

About This Instructable




Bio: This account was compromised 4/21/2016 and has since been edited 08 of 2017.
More by bmlbytes:Installing Subwoofers in a CarCreate a PDFMake your own websites - HTML basics (Part 1)
Add instructable to: