Nmap telnet-encryption NSE Script
This page contains detailed information about how to use the telnet-encryption NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Select: |
---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/telnet-encryption.nse
Script categories: safe, discovery
Target service / protocol: telnet
Target network port(s): 23
List of CVEs: -
Script Description
The telnet-encryption.nse script determines whether the encryption option is supported on a remote telnet server. Some systems (including FreeBSD and the krb5 telnetd available in many Linux distributions) implement this option incorrectly, leading to a remote root vulnerability. This script currently only tests whether encryption is supported, not for that particular vulnerability.
References:
- FreeBSD Advisory: http://lists.freebsd.org/pipermail/freebsd-announce/2011-December/001398.html
- FreeBSD Exploit: http://www.exploit-db.com/exploits/18280/
- RedHat Enterprise Linux Advisory: https://rhn.redhat.com/errata/RHSA-2011-1854.html
Telnet-encryption NSE Script Arguments
The telnet-encryption.nse script does not have any arguments.
Telnet-encryption NSE Script Example Usage
Here's an example of how to use the telnet-encryption.nse script:
nmap -p 23 <ip> --script telnet-encryption
Telnet-encryption NSE Script Example Output
Here's a sample output from the telnet-encryption.nse script:
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
| telnet-encryption:
|_ Telnet server supports encryption
Telnet-encryption NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file>
option, Nmap will produce a XML output and save it in the file.xml
file.
Authors
- Patrik Karlsson
- David Fifield
- Fyodor
References
- https://nmap.org/nsedoc/scripts/telnet-encryption.html
- https://github.com/nmap/nmap/tree/master/scripts/telnet-encryption.nse
- http://lists.freebsd.org/pipermail/freebsd-announce/2011-December/001398.html
- http://www.exploit-db.com/exploits/18280/
- https://rhn.redhat.com/errata/RHSA-2011-1854.html
See Also
Related NSE scripts to the telnet-encryption.nse script:
Visit Nmap NSE Library for more scripts.
The telnet-encryption.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to parse options
Here is a relevant code snippet related to the "Failed to parse options" error message:
58: repeat
59: iac, pos = string.unpack("B", data, pos)
60: until( pos == #data or 0xFF == iac )
61: cmd, pos = string.unpack("B", data, pos)
62: if ( not(cmd) == 0xF0 ) then
63: return false, "Failed to parse options"
64: end
65: else
66: option, pos = string.unpack("B", data, pos)
67: result[option] = result[option] or {}
68: table.insert(result[option], cmd)
Failed to send packet: %s
Here is a relevant code snippet related to the "Failed to send packet: %s" error message:
81: local result
82:
83: socket:set_timeout(7500)
84: status, result = socket:send(data)
85: if ( not(status) ) then
86: return fail(("Failed to send packet: %s"):format(result))
87: end
88:
89: repeat
90: status, data = socket:receive()
91: if ( not(status) ) then
Receiving packet: %s
Here is a relevant code snippet related to the "Receiving packet: %s" error message:
87: end
88:
89: repeat
90: status, data = socket:receive()
91: if ( not(status) ) then
92: return fail(("Receiving packet: %s"):format(data))
93: end
94: status, result = processOptions(data)
95: if ( not(status) ) then
96: return fail("Failed to process telnet options")
97: end
Failed to process telnet options
Here is a relevant code snippet related to the "Failed to process telnet options" error message:
91: if ( not(status) ) then
92: return fail(("Receiving packet: %s"):format(data))
93: end
94: status, result = processOptions(data)
95: if ( not(status) ) then
96: return fail("Failed to process telnet options")
97: end
98: until( result.done or result.cmds[0x26] )
99:
100: for _, cmd in ipairs(result.cmds[0x26] or {}) do
101: if ( COMMAND.Will == cmd or COMMAND.Do == cmd ) then
Version
This page has been created based on Nmap version 7.92.
Go back to menu.