This article takes a close look at the TELNET and FTP protocols: how each of them works, and what was wrong with them that made SSH and SFTP such welcome replacements. Even with SSH and SFTP available, both of the older protocols are still in use on many Linux and Windows servers.
FTP is a file transfer protocol; we mostly use it to store and download files. There are many FTP servers available for both Linux and Windows, and an FTP server is among the easiest to set up and use. TELNET, on the other hand, is a protocol that provides an interactive terminal session on a server. It serves the same purpose as SSH, but calling the two protocols similar isn't right. What FTP and TELNET do have in common is unencrypted network traffic between client and server. Every packet sent by FTP or TELNET can be sniffed on a local network and analyzed to recover the details exchanged: user data (images, video, mp3, etc.), user credentials (usernames, passwords) and other details about source and destination can all be intercepted easily. And the dumbest thing you can do with FTP and TELNET is to expose them to the public. For example, if you host a website and make users download files via FTP, the user connects directly to the FTP server, and anyone on the client's local network can view the data being sent to that client. Sometimes an attacker can also find credentials along with server info in the FTP config files.
VsFTPd & TELNET
You can set up an FTP server on Linux using vsftpd. vsftpd is already in Kali's package repositories, so you can install it with the apt package manager and run it as a system service:
apt install vsftpd
service vsftpd start
Or you can get the source from GitHub if you want to build and compile it on your own system.
To run a TELNET server, you need to expose it over the network with xinetd. xinetd is a really handy Linux utility that can serve a local process over a network: it connects the process's stdin and stdout to a socket descriptor. There are alternatives to xinetd such as socat, tcpserver and supervisord, but I prefer xinetd. You will need this config file:
service telnet
{
    flags          = REUSE
    socket_type    = stream
    wait           = no
    user           = root
    server         = /usr/sbin/in.telnetd
    log_on_failure = USERID
    disable        = no
}
Name the config file telnet and save it in the /etc/xinetd.d directory; now you can start xinetd as a system service:
service xinetd start
You should have TELNET running now. If any errors occur, you probably have a typo in your config file, or another service is already listening on port 23. You can kill that service with the fuser command:
fuser -k 23/tcp
Analysis
There are many tools on Linux and Windows that can sniff a local network. Wireshark is the best known of them; tshark or NetworkMiner would also work. For now, I will use Wireshark.
Let's say you are connected to an FTP server and want to analyze the packets sent and received between server and client. I capture on the local interface and look at the result in Wireshark.
The first three packets establish the TCP connection. In the fourth, the server sends the banner for the FTP service to the client. The real authentication starts at the sixth packet, where the client sends the USER command with the name to log in as. The server then asks for the password, which the client sends with PASS. Both USER and PASS are visible in readable form, which means the communication between the FTP server and client is unencrypted and anyone on your network can intercept it. Images, text files or any other file will be sent unencrypted too.
The same problem exists with TELNET: if I connect with telnet, I send my credentials to the server without any encryption.
The Wireshark window will look like this.
Some packets show the server sending the TELNET banner. The main thing to notice here is how the credentials are transmitted. When the client sends the authentication details to the TELNET server, you will see that each packet carries only one byte, although the data is still unencrypted. This is quite different from the normal transmission: it is the telnet client's character-at-a-time mode, where every keystroke is sent as soon as it is typed, so the password is simply spread across many small packets and can be read by following the TCP stream.
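As an added example (not code from the original post), here is a small Python parser that rebuilds both logins described above from captured TCP payloads: the cleartext FTP USER/PASS commands and the one-keystroke-per-packet TELNET login. A defender can run the same logic over a capture to alert whenever credentials cross the network unencrypted. The (direction, payload) input shape, the "c2s"/"s2c" labels and all sample packets are constructed for this example.

```python
# Added example (not from the post): rebuild cleartext FTP and TELNET logins from
# captured TCP payloads; "c2s"/"s2c" labels and all sample data are constructed here.
IAC, SB, SE = 0xFF, 0xFA, 0xF0

def strip_telnet_iac(data: bytes) -> bytes:
    """Drop TELNET option negotiation (IAC sequences); keep the typed bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif nxt == IAC:                                  # IAC IAC = literal 0xFF byte
            out.append(IAC); i += 2
        elif nxt == SB:                                   # subnegotiation ... IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                             # WILL/WONT/DO/DONT carry an option byte
            i += 3 if nxt in (0xFB, 0xFC, 0xFD, 0xFE) else 2
    return bytes(out)

def ftp_credentials(segments):
    """USER/PASS from the client->server FTP commands (one command per CRLF line)."""
    stream = b"".join(p for d, p in segments if d == "c2s")
    pairs = (line.partition(b" ") for line in stream.split(b"\r\n"))
    return {c.decode().upper(): a.decode(errors="replace")
            for c, _, a in pairs if c.upper() in (b"USER", b"PASS")}

def telnet_credentials(segments):
    """Reassemble the keystroke-per-packet client stream; pair lines with the last prompt seen."""
    creds, field, buf = {}, None, bytearray()
    for d, p in segments:
        if d == "s2c":
            prompt = strip_telnet_iac(p).lower()
            field = "USER" if b"login:" in prompt else "PASS" if b"password:" in prompt else field
            continue
        buf += strip_telnet_iac(p)
        if b"\r" in buf:                                  # Enter pressed: the line is complete
            line, _, rest = buf.partition(b"\r")
            if field:
                creds[field] = line.strip(b"\r\n\0").decode(errors="replace")
                field = None
            buf = bytearray(rest)
    return creds

FTP_CAPTURE = [("s2c", b"220 FTP server ready.\r\n"), ("c2s", b"USER alice\r\n"),
               ("s2c", b"331 Please specify the password.\r\n"), ("c2s", b"PASS hunter2\r\n")]
TELNET_CAPTURE = [("s2c", bytes([IAC, 0xFD, 0x18]) + b"login: "),   # IAC DO TERMINAL-TYPE + prompt
                  *[("c2s", bytes([b])) for b in b"bob\r\n"],        # one keystroke per packet
                  ("s2c", b"Password: "),
                  *[("c2s", bytes([b])) for b in b"s3cret\r\n"]]
```

Feed it the payloads of a real capture (for example exported from Wireshark's "Follow TCP Stream") and it will report the same USER/PASS pairs the post shows on screen.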
I saw two challenges on root-me in the network category; both of these CTF challenges can be solved easily after reading this post. You are given a PCAP file and have to analyze it to find the password sent by the client during authentication.
If you want to use FTP and TELNET, I recommend running them only on your own system, bound to the lo interface (127.0.0.1). Never make your users download files via your FTP server if you are hosting a website.