Why is Telnet insecure? Let's take a look at usernames and passwords


Once upon a time, Telnet was my favorite remote login protocol!

Back then, I was still young and working as a network tester at H Company. Every day I tried every possible means to find bugs in routers and switches. I always wanted to make things difficult for the developers so that the versions would not be released normally. :) Looking back now, it was a simple and beautiful time!

In order to manage switches and routers, we used Telnet to log in, and we were very excited to type various commands. Suddenly one day, our department manager (now a senior executive of H Company) called us together and told us not to use Telnet when logging in to the equipment in the future, but to switch to SSH, and all connections to the automation platform had to be changed to SSH!

This surprised us because Telnet had been used for a long time. The entire department's test system login was based on Telnet, and everyone was used to it! Later we learned that due to a certain leak (I forgot the specific content), the company required that even when logging into a device internally, Telnet could not be used, and the more secure SSH must be used! Then the whole department switched!

After I left H Company and went to another company, I found that although everyone knew that Telnet was not secure, they still used it. This is because Telnet is easier to configure than SSH, and people are lazy and don't want to take an extra step, so of course they like to use Telnet! I guess only the devices on the live network will prohibit the use of Telnet.

Later, after learning some security knowledge, I understood the painstaking efforts of H Company to enforce the requirement. It turns out that Telnet is really not safe. Someone with ulterior motives can easily obtain the username and password used to log in to the device. Let's take a look at it together today!

Briefly understand the C/S working mode of Telnet

C/S working mode, does it sound very advanced to you? I was once fooled, and felt that C/S mode was a very advanced architecture! Later, I looked up information specifically to figure out what C/S working mode is.

Let's take a look at the C/S working mode in the figure below, and be prepared for surprises.

C/S working mode

  • C: client;
  • S: server.

The client and the server exchange information. Any working mode in which the client uses separate, dedicated software to access the server can be called C/S mode! Didn't expect that, did you?

The corresponding mode to the C/S mode is the B/S mode, as shown in the following figure:

B/S working mode

  • B: browser;
  • S: server.

After reading the above picture and the explanation of B and S, you should be able to guess what B/S mode is, right? The client and the server exchange information, and any working mode in which the server is accessed through a browser is called B/S mode! Do you feel uneasy? It feels too simple :)

Now let's get back to the point. Since Telnet uses the C/S mode, it means that the Telnet client needs third-party software. We usually use the built-in CMD, SecureCRT, XShell, PuTTY and other software as the Telnet client to connect to the Telnet server!

SecureCRT interface

The most commonly used tool by network engineers is SecureCRT, which is simply a must-have tool for typing command lines! If you have any questions about installing and using SecureCRT, you can check out my column. There is a section that specifically introduces a video tutorial on SecureCRT.

View Telnet Username and Password

After seeing the working mode of Telnet, let's take a look at the username and password!

So what tool can be used to view the username and password? Wireshark!

Wireshark is packet capture software, and it is essential for network engineers when troubleshooting problems.

To obtain a Telnet username and password, you only need to go through the following three steps:

  • Step 1: Open Wireshark and capture the packets passing through the network card;
  • Step 2: Use a Telnet client to log in to the network device;
  • Step 3: Stop the Wireshark capture, analyze the packets, and find the username and password.

Step 1: Open Wireshark and capture all the packets passing through the network card

After installing Wireshark on your computer, you can see the following software interface when you open it:

Wireshark software interface

Select the correct network card: If you have multiple network cards, you need to select the network card for packet capture.

Choose the right network card

After clicking Start, packet capture will begin: As shown in the following figure, packet capture is in progress

Capturing the packet

Step 2: Use the Telnet client to log in to the Telnet server

Open the SecureCRT software, create a new connection, and select the Telnet protocol, as shown below:

Select Telnet protocol

Enter the IP address or host name of the Telnet server:

Server IP address or host name

Give the created session a name:

Session Name

Double-click the session name, the connection will automatically fail and prompt for the username and password:

Prompt for username and password

However, Huawei devices will prompt: Telnet is not safe and is not recommended. The original text is as follows:

Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.

Of course we can't be scared, otherwise today's class will not be able to continue. We enter the username and password as prompted:

Enter your username and password

Step 3: Use Wireshark to find the username and password

After we stop capturing packets, we will find that we have captured a large number of packets and don't know where to start. In fact, it is very simple. Just enter telnet in the filter above, and Wireshark will filter out packets with the telnet protocol, as shown below:

Filter out Telnet messages

After filtering, there are not many packets left. You can go through them one by one; the username and password are hidden in these packets. You can also use Wireshark's "Follow Stream" function, which displays the entire contents of this conversation. As shown in the figure below, right-click a packet and then choose to follow the TCP stream:

Following the TCP stream

Wireshark will display all the contents belonging to this TCP connection (Telnet uses TCP transmission), as shown below:

Display username and password

Don’t you think it’s a bit tricky? The username/password is displayed directly! Isn’t it simple? You can easily get the Telnet username/password without mastering any advanced technology!
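What Wireshark's stream view is doing here, as an added example that is not part of the original article: it joins the TCP payloads of the connection in order, and once the Telnet option-negotiation bytes (IAC sequences, RFC 854) are dropped, nothing but readable text is left. The session bytes, the user name, the password and the `<Device>` prompt below are constructed for illustration, and the sample omits the server's echo of typed characters.

```python
IAC, SE, SB = 0xFF, 0xF0, 0xFA
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

def strip_telnet_commands(data: bytes) -> bytes:
    """Drop Telnet IAC command sequences (RFC 854); what remains is plain text."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                      # truncated command at end of data
        elif data[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped 0xFF data byte
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3                     # IAC WILL/WONT/DO/DONT <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break                  # unterminated subnegotiation
            i = end + 2
        else:
            i += 2                     # other two-byte commands (NOP, GA, ...)
    return bytes(out)

def follow_stream(segments):
    """Join one direction's TCP payloads in order and return the readable lines."""
    text = strip_telnet_commands(b"".join(segments)).decode("ascii", "replace")
    text = text.replace("\r\n", "\n").replace("\r\x00", "\n")
    return [line for line in text.split("\n") if line]

def audit_session(client_segments, server_segments):
    """Report what anyone on the path can read from a Telnet login."""
    shown = follow_stream(server_segments)
    typed = follow_stream(client_segments)
    prompts = [s for s in shown if "username:" in s.lower() or "password:" in s.lower()]
    return {"prompts_in_clear": prompts, "typed_lines_in_clear": typed,
            "exposed": bool(prompts and typed)}

# Constructed sample session (not a real capture): option negotiation, then a login.
# The client sends one typed character per segment, as interactive Telnet usually does.
SERVER = [b"\xff\xfb\x01\xff\xfb\x03", b"Username:", b"\r\nPassword:", b"\r\n<Device>"]
CLIENT = ([b"\xff\xfd\x01\xff\xfd\x03"] + [bytes([c]) for c in b"demo-user\r\n"]
          + [bytes([c]) for c in b"Constructed-Pass-1\r\n"])

if __name__ == "__main__":
    print(audit_session(CLIENT, SERVER))
```

No key or decryption step appears anywhere in the code: the only processing needed is removing protocol control bytes, which is why a capture of a Telnet login is enough to treat the credentials as compromised.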

Of course, someone with an interest in your credentials will not capture packets on your computer, but in the middle of the network. This is not a difficult task for them, as in the following figure:

Someone capturing packets in the middle of the network

Their packet capture equipment and analysis software will be more professional. If they get the username/password of a device on the live network, they can configure the device in any way they like. It's scary to think about! So we'd better not use Telnet, and develop the habit of using SSH!

Summary

After the above explanation, do you know the working principle of C/S and the reason why Telnet is not safe? Let me make a brief summary:

  • The working mode of using a third-party client to connect to the server is called C/S mode;
  • The working mode of using a browser to connect to a server is called B/S mode;
  • The reason why Telnet is not secure is that the messages exchanged between the client and the server are not encrypted, and the username and password can be easily discovered by someone with ulterior motives.
