Telnet Information For Beginners - PART 1
Basic Info on Telnet: Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely. On the Web, the HTTP and FTP protocols allow you to request specific files from remote computers, but not to actually be logged on as a user of that computer. With Telnet, you log on as a regular user with whatever privileges you may have been granted to the specific applications and data on that computer.
TELNET COMMANDS
C - Close the current connection
D - Display the system's operating parameters
O - Connect to a host name (on default port 23) [port]
Q - Quit (exit Telnet)
Set - Set options
Send - Send data/strings to the server
TELNET PORTS
21: FTP
22: SSH (nix system or some kind of server)
23: Telnet
80: HTTP
8080: Alternate HTTP
3389: RDP (Microsoft remote desktop connections run on this port)
BRIEF IDEA OF TELNET HACKING
Generally telnet is used to connect to a particular daemon running on a particular port on a target system. The very aim of using telnet to connect to the daemons is to get root on the system. But if you are thinking that you'll connect to the SMTP server of your ISP and get root on your ISP's system, then forget it pal. What hackers do is first port scan the target system and find out the open ports and the daemons running on those open ports.
Note: you can use Nmap. It is a very fast, so-called SYN stealth port scanner, available for download (with source) at http://www.insecure.org
But remember, if your ISP kicks your ass for port scanning their system, then don't flame me..
Now say you have found an open port, e.g. port 21 running an FTP server. All you need to do is telnet in to the port. But things are not that easy and you won't get root easily.. some FTP servers, or better to say 98% of the daemons running on a server, allow access only to valid users and thus ask for a user name and password. In such a case, when you're facing a username and password prompt, either you have to make the sysadmin's daughter your girlfriend and then trick her into telling you the password, or you have to play around with other methods like brute force hacking.. etc.
Another vulnerability existing on various daemons is the trust relationship. Often servers authenticate a user only by his IP, considering that the server has a trust relationship with the client and the client's IP is already in the server's database of trusted IPs. Now if you can spoof your IP to match one of the trusted IPs of the server, then you can get yourself inside a system. Spoofing IP is a complicated subject, though apparently its definition stands as "faking the actual IP with some other". It's not really easy to spoof your IP and exploit a trust relationship, as you have to block the trusted client with a DoS attack so that it cannot reply to the SYN/ACK packets sent by the server to it. If it receives the SYN/ACK packets from the server unexpectedly, then surely it will reply with a FIN packet so as to end the connection.
Anyway I won't go into much detail about IP spoofing since it's a very complicated subject and you have to understand it thoroughly in order to execute it.
Note: Please don't get angry at me for using terms like SYN/ACK packets and FIN packets in the above paragraph if you are not familiar with them.. they are common terms in IP spoofing.. I just came across a very good IP spoofing manual.. you can look it up:
"IP Spoofing Demystified" available for download in the books section of http://blacksun.box.sk
OTHER Information: TELNET PASSWORDS
From the results of my research I found a somewhat popular modem/router combination that runs a telnet server with a huge security issue. They are produced by a company called Netopia. I have owned a few of their products at one time or another over the years. Even worse than the default Linksys passwords, these routers are shipped from the factory with NO PASSWORD PROTECTION AT ALL. These models run without passwords by default.
OTHER Information: TELNET SESSION EXAMPLE
Welcome to Microsoft Telnet.
o
<to> 202.232.**.**
connecting to 202.232.**.** 23 (The port number)
Connected.
Connection to host lost (unauthorized use of Telnet Proxy(ies).
o
<to> 202.232.**.** 25
Connecting to 202.232.**.** 25 (Watch this..)
Welcome to ********.net Sendmail Program. Welcome to all staff.
vrfy bin
..550 <bin@********.net>
vrfy sys
..550 <sys@********.net>
vrfy root
..550 <root********.net>
vrfy admin
..550 <admin@********.net>
vrfy games
..550 <games@********.net>
vrfy uucp
..550 <uucp@********.net>
q
..550 <command not recognized>
c
Connection to host lost on command.
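What the session above looks like from the mail server's side, as an added example that is not part of the original post: a walk through VRFY bin, sys, root, admin, games, uucp from one client is a classic account-enumeration pattern, and it is easy to pick out of server logs. The log format below is constructed and deliberately simplified ("timestamp client_ip command [argument] reply_code"); it does not claim to be the layout of Sendmail or any other real MTA, so the parser would need adapting to a real log. The IP addresses are documentation ranges, not real hosts.

```python
"""Detect SMTP VRFY account enumeration in (constructed) mail server logs."""
import re
from collections import defaultdict

# Constructed sample log: one client issuing VRFY for a series of system
# accounts, all rejected with 550 exactly as in the session above, plus
# ordinary traffic from a second host that checks a single address.
SAMPLE_LOG = """\
2024-01-01T10:00:01 198.51.100.7 HELO 250
2024-01-01T10:00:02 198.51.100.7 VRFY bin 550
2024-01-01T10:00:03 198.51.100.7 VRFY sys 550
2024-01-01T10:00:04 198.51.100.7 VRFY root 550
2024-01-01T10:00:05 198.51.100.7 VRFY admin 550
2024-01-01T10:00:06 198.51.100.7 VRFY games 550
2024-01-01T10:00:07 198.51.100.7 VRFY uucp 550
2024-01-01T10:00:08 198.51.100.7 QUIT 221
2024-01-01T10:01:00 203.0.113.9 HELO 250
2024-01-01T10:01:01 203.0.113.9 VRFY postmaster 250
2024-01-01T10:01:02 203.0.113.9 MAIL 250
"""

# Assumed (constructed) line layout: timestamp, client IPv4, SMTP verb,
# optional argument, three-digit reply code.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<cmd>[A-Z]+)"
    r"(?:\s+(?P<arg>\S+))?\s+(?P<code>\d{3})$"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def vrfy_probes(text):
    """Return {client_ip: [(target_account, reply_code), ...]} for every VRFY."""
    probes = defaultdict(list)
    for rec in parse_log(text):
        if rec["cmd"] == "VRFY":
            probes[rec["ip"]].append((rec["arg"], int(rec["code"])))
    return dict(probes)


def enumerating_clients(text, threshold=3):
    """Flag clients whose number of *distinct* VRFY targets reaches threshold.

    Distinct targets matter more than raw counts: a client re-checking one
    address is normal, a walk through bin/sys/root/admin/... is a probe.
    Each flagged entry carries the sorted target list and the 550 count.
    """
    flagged = {}
    for ip, attempts in vrfy_probes(text).items():
        targets = {t for t, _ in attempts}
        if len(targets) >= threshold:
            rejected = sum(1 for _, code in attempts if code == 550)
            flagged[ip] = {"targets": sorted(targets), "rejected": rejected}
    return flagged


if __name__ == "__main__":
    for ip, info in enumerating_clients(SAMPLE_LOG).items():
        print(f"{ip}: VRFY enumeration of {len(info['targets'])} accounts "
              f"({info['rejected']} rejected): {', '.join(info['targets'])}")
```

The detection only has anything to find because the server answers VRFY at all. The usual mitigation is to switch the verb off: Postfix has `disable_vrfy_command = yes` in main.cf, and Sendmail's `PrivacyOptions` accepts `novrfy` (or the catch-all `goaway`), after which every VRFY gets a 252 "cannot verify" style reply and account names are no longer confirmed or denied.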
OTHER Information: MORE ADVANCED METHODS OF USING TELNET
Once you get a little more advanced, you can also use telnet to spoof email servers, and such.
------------------------------------------------------------------------------
In my next guide I am going to discuss more advanced telnet hacking.