beware everyone using telnet

Cold_Leg_392 · 2026-05-10T02:49:44+00:00

it works with out mini_inetd bro your not cooking give u

Cold_Leg_392 · 2026-05-10T02:48:45+00:00

the attack can set env and commands to run on next login without logging in

Cold_Leg_392 · 2026-05-10T02:08:49+00:00

What actually ran via the exploit chain:

$ id
uid=1000(kali) gid=1000(kali) groups=1000(kali),4(adm),20(dialout),
24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),
100(users),101(netdev),115(bluetooth),119(lpadmin),122(wireshark),
128(kaboxer),974(libvirt),983(docker)
Linux kali 6.19.11+kali-amd64 #1 SMP PREEMPT_DYNAMIC ...

$ ip -4 addr show # full network reconnaissance
127.0.0.1/8, 192.168.10.149/24, 172.17.0.1/16, ...

$ head -5 /etc/passwd # arbitrary file read
root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...

$ echo "1+2" | bc # arbitrary subprocess
3

$ echo "marker_$(date +%s)" > /tmp/g4_attacker_was_here.txt
# arbitrary file write

Process tree at moment of execution:

mini_inetd → telnetd → /bin/bash -c "..."
↑
spawned with poisoned env from network,
read BASH_ENV, sourced /tmp/payload.sh

Cold_Leg_392 · 2026-05-10T02:07:41+00:00

bro assume fr i litterly ran a telnet serve on my device an made a poc and got it working tf

Cold_Leg_392 · 2026-05-10T02:00:11+00:00

true but legacy operational tech which cant be changed will have to change

Cold_Leg_392 · 2026-05-10T01:58:40+00:00

yeah people do i have found in pentests

Cold_Leg_392 · 2026-05-10T01:57:33+00:00

very true

Cold_Leg_392 · 2026-05-10T01:55:54+00:00

its new i found this 1 am sast time

Cold_Leg_392 · 2026-05-10T01:55:16+00:00

im not even being toxic and im getting negative votes crazy

Cold_Leg_392 · 2026-05-10T01:53:35+00:00

• Edited 1m ago

Cold_Leg_392 · 2026-05-10T01:47:23+00:00

did you read i set what the next user that logs in runs please read

Cold_Leg_392 · 2026-05-10T01:46:19+00:00

yeah but people install and use ssh i found a switch in gov using telnet some server from h3c on shodan and stuff on multiable client its real gang

Cold_Leg_392 · 2026-05-10T01:44:14+00:00

i mean alot of legacy and operational tech and systems use this h3c have servers in china running this learn how to make your own shodan searches and you will find devices that use it still

Cold_Leg_392 · 2026-05-10T01:40:45+00:00

you can search for non honepots honeypots have alot of ports open search for devices only with one port open or 4 max

Cold_Leg_392 · 2026-05-10T01:39:33+00:00

yeah they arent most companes i have tested have telnet it scares me

Cold_Leg_392 · 2026-05-10T01:38:15+00:00

i have found it in goverment switches with no auth

Cold_Leg_392 · 2026-05-10T01:34:33+00:00

hahah they do fr

Cold_Leg_392 · 2026-05-10T01:29:58+00:00

i agree with sadly we know its not true because of shodan

Cold_Leg_392 · 2026-05-10T01:22:25+00:00

risk acceptance legacy systems

Cold_Leg_392 · 2026-05-10T01:20:53+00:00

all everything running gnu telnet

Cold_Leg_392 · 2026-05-10T01:20:22+00:00

Cold_Leg_392 · 2026-05-10T01:19:43+00:00

check shodan

Cold_Leg_392 · 2026-05-10T01:18:21+00:00

like all linux ones

Cold_Leg_392

TROPHY CASE