Banner Grabbing with TELNET
Why use TELNET?
With tools like Nmap and Metasploit available you're probably asking, "Why would I need to know how to use telnet?" While true, there are many tools that can be used to gather this information from services that are willing to dish it out, TELNET is available on Linux, Mac OS X, and Windows operating systems; as well as giving the would-be hacker "hands on" experience manually plugging in specific TCP/UDP port numbers and using HTTP request to gather information other tools would automatically.
What is TELNET?
TELNET is an application protocol, generally used for remote terminal connections and has been replaced by the use of more secure protocols such as SSH. Despite being regarded as obsolete the TELNET protocol is still widely used today, just check out shodan
On most Linux distros TELNET is installed by default, but if it does not use your distro's package manager to run;
# Debian/Ubuntu Based Distrosapt-get install telnet# Fedora/RHEL Based Distrosdnf install telnet# OpenSUSEzypper install telnet# Arch Linuxpacman -S inetutils
On Windows versions after XP, the TELNET client is disabled by default. To enable TELNET in Windows open up a command prompt with elevated privileges and enter;
dism /online /Enable-Feature /FeatureName:TelnetClient
Now that you have telnet installed or enabled, you can use TELNET by entering the command 'telnet', followed by the IP address or hostname of the host you would like to connect. By default, if no optional port number is specified, TELNET will attempt to connect to the default TELNET port, 23. TELNET can also be used interactively by entering 'telnet', with no arguments to the terminal. This will change the prompt to display 'telnet>'. From the telnet prompt you can enter;
open host port
This will open a connection to the specified host
on the specified port
Web servers are probably the most accessible type of server available to us so let's start with that. From your terminal enter the command;
telnet google.com 80
This will make a connection to google on the default HTTP port 80. After entering the above command you should see the following displayed; From here you can just press the return key a couple times or if you wanted some meta information for the web page, enter the HTTP HEAD method;
HEAD / HTTP/1.1
Press the return key a few times and the server will give back some information.
One piece of information that probably stands out to you is the server field, which in this case is "gws", or Google Web Server. Try this out on some sites you visit and see what you find.