Telnet is a legacy remote terminal TCP/IP application used for remote administration. Telnet is notorious for transmitting communications in plain text and has long since been superseded by SSH, which uses encrypted channels, so it is rare to see Telnet in use on the Internet.
But you will be surprised to know that most routers still have Telnet servers running on them by default even today. This is a serious vulnerability: it allows malicious users to connect to the router from anywhere in the world using default credentials and wreak havoc.
In this article I will explain how you can scan a large number of routers for Telnet services, which we can then attempt to log in to using default credentials.
Things You Need
1. Random telnet scanner, originally written by Solaris (modified by me). The program attempts to open a connection to the telnet port (23) of random IPs; if it succeeds, the program logs the success in a log file, telnet.txt, for later analysis. The program then repeats, so if you run a few instances of the program for a few hours you can end up with a list of around 200 telnet boxes. Originally the program was written in Perl, but I have modified it into a batch file.
You can download the modified version of random telnet scanner from
2. Telnet client
Windows XP and Linux users will already have a telnet client by default, but Windows 7 users will need to enable the telnet client by following these steps:
Go to Start - Control Panel - Programs And Features - Turn Windows features on or off, then check Telnet Client and hit OK.
After that you can start Telnet via the Command Prompt (cmd).
Working:
1. First run the random telnet scanner for 20-30 minutes and you will end up with 10-20 telnet boxes.
2. Now you have your list of IPs with the telnet port open in telnet.txt, as shown.
3. Now open your telnet client and connect to the IPs. You will be prompted for a username and password; try the common usernames and passwords like:
Admin - admin
Admin - "blank password"
Root - root
Root - "blank password"
A lot of routers disclose their model number in the telnet banner when you connect, so a simple Google search often turns up the default username and password. Otherwise, move on to the next IP.
4. From here it's up to you what you do, but I enjoy using simple network tools like ipconfig and ping to map out the network; sometimes I have found routers that have nmap and telnet clients on them, etc. You can even port forward packets to printers and use them across the Internet to print out hundreds of copies. A funny concept that I have got to work in the past few days is with the routing tables, redirecting every web request to different sites.
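The default-credential logins that steps 3 and 4 depend on leave a trace in the router's own logs, and that trace is what an administrator watches for. The Python script below is an added example, not part of the original article or of the scanner it describes: it parses constructed telnetd-style syslog lines (the line format is an assumption, not taken from any particular router firmware) and raises an alert when one source fails several logins in a row, or when one of the common default accounts the article lists (admin, root) logs in after a run of failures. A real deployment would feed it the device's syslog stream instead of the embedded sample.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an assumed telnetd syslog format (not from the article).
SAMPLE_LOG = """\
Jan 10 02:14:01 gw telnetd[311]: login failed for user 'admin' from 203.0.113.7
Jan 10 02:14:03 gw telnetd[311]: login failed for user 'root' from 203.0.113.7
Jan 10 02:14:05 gw telnetd[311]: login failed for user '' from 203.0.113.7
Jan 10 02:14:09 gw telnetd[311]: login succeeded for user 'admin' from 203.0.113.7
Jan 10 02:20:44 gw telnetd[311]: login failed for user 'admin' from 198.51.100.22
Jan 10 02:30:00 gw telnetd[311]: login succeeded for user 'netops' from 192.168.1.20
"""

# Matches the assumed "login failed/succeeded for user '<name>' from <ipv4>" message.
LOGIN_RE = re.compile(
    r"login (?P<result>failed|succeeded) for user '(?P<user>[^']*)' "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

# Accounts the article lists as the first ones to try (with or without a password).
DEFAULT_ACCOUNTS = {"admin", "root"}


def parse_events(text):
    """Return (source_ip, username, succeeded) tuples for every matching login line."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            events.append((m["src"], m["user"].lower(), m["result"] == "succeeded"))
    return events


def detect(events, fail_threshold=3):
    """Emit (source_ip, reason) alerts for password guessing and for default-account
    logins that follow a run of guesses. Each source IP is tracked independently."""
    failures = defaultdict(int)
    alerts = []
    for src, user, ok in events:
        if not ok:
            failures[src] += 1
            if failures[src] == fail_threshold:  # fire once, when the threshold is crossed
                alerts.append((src, f"{fail_threshold} failed telnet logins"))
        elif user in DEFAULT_ACCOUNTS and failures[src] > 0:
            alerts.append((src, f"default account '{user}' logged in after {failures[src]} failures"))
    return alerts


if __name__ == "__main__":
    for src, reason in detect(parse_events(SAMPLE_LOG)):
        print(f"ALERT {src}: {reason}")
```

Run against the embedded sample, the script flags 203.0.113.7 twice (three failures, then a successful admin login) and stays quiet about the single failure from 198.51.100.22 and the ordinary netops login. The second alert is the important one: a default account that succeeds right after guessing is exactly the outcome the article's step 3 aims for, and disabling the Telnet service (or changing the default password) removes it.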
Thanks...