Telnet Explained [Part 1]
By PranaY
http://www.ethicalhacker.tk [email protected]
Note: I have decided to release this manual about hacking using telnet in two parts. In the first part I'll explain the basics of telnet and working with telnet, and in the second part I'll show some advanced methods of hacking through telnet. Further, this manual is in its BETA stage and I'll be grateful for suggestions for improvements.
Part 1
Welcome to another hackersclub manual. Here I am going to look at one of the coolest utilities available in the TCP/IP set of protocols. I guess you are all familiar with TCP/IP, but I'll still go over the basics of this set of protocols.
First of all, a protocol is a set of rules for communication between systems over a network. TCP/IP is the most popular set of protocols in use today for communication over the Internet. There are various utilities built on TCP/IP: some are command utilities, some are transfer utilities and some are printer utilities.
Command Utilities: REXEC (Remote Execution), RSH (Remote Shell) and Telnet
Transfer Utilities: FTP, RCP, TFTP
Printer Utilities: LPR, LPQ
All these utilities work on top of TCP/IP (Transmission Control Protocol/Internet Protocol) and follow its rules.
In this manual I'll concentrate on Telnet, a command utility available in the TCP/IP set of protocols.
What is telnet?
Basically telnet, also known as a terminal emulator, is a console-based tool which lets a user use the resources of another system by connecting to it using its IP address and a valid shell account on the target system. In a simpler sense telnet works like a Trojan, in client-server fashion: using a telnet client the user connects to the telnet server (daemon) of a remote system listening on a specified port. The default port for telnet is TCP port 23. One thing to keep in mind: telnet carries everything, including the username and password you type at the login prompt, in clear text, so anybody who can sniff the wire between you and the server can read it.
That is telnet in the conventional sense of the term. Now I should tell you more about telnet in the hacker's sense of the term.
To start with I must say that telnet is the ultimate tool for hackers. All the big hackers use it when exploiting loopholes in systems.
You can start telnet by going to Run, typing telnet and pressing Enter.
In Windows 95/98/Me a separate telnet window pops up, but in Windows XP and Windows 2000 telnet starts inside a DOS box, i.e. in the console.
To run telnet in the console even on Windows 95/98/Me, copy the lines below, save them as i_wanna_be_a_hacker.reg and double-click the file. The original used the key HKEY_USERS\S-1-5-21-1229272821-1563985344-1060284298-1003\Software\Microsoft\Telnet; that SID belongs to one account on the author's machine, so HKEY_CURRENT_USER (the account that is logged on) is used here instead. The blank line after the REGEDIT4 header is part of the .reg format.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Telnet]
"MODE"="CONSOLE"
You can also use the telnet that comes with Windows 98, which opens in a separate window: click Connect, enter the target IP in the Host field and type vt100 in the Terminal field.
Or, the plain and simple way: just open a DOS box and type telnet; the default settings work fine. In Windows XP Pro and 2000 the telnet client ships as part of the operating system, so just go to Run and type telnet. At the Microsoft Telnet> prompt type ? for help; o <hostname> <port> opens a connection to a host, and the default port is 23.
What can I do with telnet?
Generally hackers aim at connecting to the daemon listening on an open port of a particular system and try to get root on that system. First you need a good port scanner to find the open ports of the system. Then you can connect to an open port using telnet.
For example, once I port scanned the web server of a friend of mine, who happens to be a great web developer, and found that port 25 was open with an SMTP daemon running on it.
So using telnet I connected to his server on port 25 and, using his SMTP service, sent a couple of anonymous mails to my friends, mainly to him, telling him that I was using his service :))
example:
c:\>telnet
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet>open anisurrahman.net
Connecting to anisurrahman.net....
Connected..
.
.
.
Well, now what? Now the SMTP service is mine. I just played around with it. If you are not used to SMTP commands, just type HELP after you are connected and you will get the list of commands supported by the mail server.
Anyway, I am going to show how I sent a fake mail using simple commands supported by every ESMTP server (ESMTP = Extended Simple Mail Transfer Protocol). The lines starting with a three-digit number are the server's replies; the other lines are what I typed.
Here we go:
Telnet>open anisurrahman.net 25
Connecting....
Connected to anisurrahman.net
220 Welcome to anisurrahman.net ESMTP service 8.9.3
HELO Pranay
250 Welcome to sendmail Pranay
MAIL FROM:<[email protected]>
250 Sender set to [email protected]
RCPT TO:<[email protected]>
250 Recipient set to [email protected]
DATA
354 End with "." on a line by itself
Subject: Hello Rony

Hey, what's up boss. I am sending a fake mail
using your SMTP service. Don't be angry with
me. Sorry..
.
250 CA55910 Message accepted for delivery
Note: wondering what the values 220, 250, 354 or CA55910 are?
Don't think too much about it. The three-digit values are SMTP reply codes. The server answers with 220 for its greeting banner when you connect; 250 means the command was accepted; 354 means "go ahead, send the message and end it with a line containing only a period"; a code starting with 4 means a temporary failure (try later) and one starting with 5 means the command was refused. If you always check the first digit you know whether to continue or to give up.
And CA55910 is the queue ID or message ID: in the server's logs this ID denotes the mail you just sent.
Note: This is my earnest request to everybody who reads this manual: please do not send any fake mail to [email protected] and please do not use the service at anisurrahman.net.
Please note: sometimes you will get a "Relaying denied" error (a 550 or 554 reply to RCPT TO) on some servers. It means the server only accepts mail addressed to its own domains, or only from its own network, and refuses to relay to outside addresses; a server that relays for anybody is called an open relay. I won't go into much detail about this topic because I guess I don't have enough knowledge about it.
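The same exchange as a script, added here as an example and not code from the original manual: a small client that runs the HELO/MAIL/RCPT/DATA dialogue and checks every reply code instead of assuming the server said yes, including the "Relaying denied" case above. The server side is a scripted stand-in so the whole thing runs offline; anisurrahman.net and the name Rony are from the manual, while the addresses, the reply texts and the queue ID transcript are constructed.

```python
"""Added example, not code from the original manual: the SMTP exchange above,
driven by a client that checks every reply code instead of assuming the server
said yes. The server side is a scripted fake so it runs offline; the host name
is the manual's, the addresses and reply texts are constructed."""


class SmtpError(Exception):
    pass


def read_reply(readline):
    """Read one SMTP reply. A multi-line reply uses '250-text' continuation lines
    and ends with a '250 text' line (the EHLO capability list is the usual case)."""
    lines = []
    while True:
        line = readline()
        if not line:
            raise SmtpError("connection closed by server")
        lines.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            break
    return int(lines[0][:3]), "\n".join(l[4:] for l in lines)


def command(conn, line, expect):
    """Send one command line and fail loudly unless the reply code is one we expect."""
    conn.write(line + "\r\n")
    code, text = read_reply(conn.readline)
    if code not in expect:
        raise SmtpError(f"{line.split()[0]} rejected: {code} {text}")
    return code, text


def send_mail(conn, helo, sender, recipient, subject, body):
    """Run the HELO/MAIL/RCPT/DATA dialogue over conn (anything with write() and
    readline(), e.g. sock.makefile('rw')). Returns the server's final 250 text."""
    code, banner = read_reply(conn.readline)
    if code != 220:
        raise SmtpError(f"no service: {code} {banner}")
    command(conn, f"HELO {helo}", {250})
    command(conn, f"MAIL FROM:<{sender}>", {250})
    command(conn, f"RCPT TO:<{recipient}>", {250, 251})  # 550/554 here = "relaying denied"
    command(conn, "DATA", {354})
    for line in [f"Subject: {subject}", ""] + body.splitlines():
        if line.startswith("."):
            line = "." + line  # dot-stuffing: a bare '.' would end the message early
        conn.write(line + "\r\n")
    conn.write(".\r\n")
    code, text = read_reply(conn.readline)
    if code != 250:
        raise SmtpError(f"message refused: {code} {text}")
    command(conn, "QUIT", {221})
    return text


class ScriptedServer:
    """Stand-in for the socket: answers each command verb with a canned reply."""

    def __init__(self, replies):
        self.replies = replies
        self.inbox = [replies["GREETING"]]  # the banner arrives before we say anything
        self.in_data = False
        self.sent = []                      # every line the client transmitted

    def write(self, text):
        self.sent.append(text)
        if self.in_data:                    # message body: no reply until the lone '.'
            if text == ".\r\n":
                self.in_data = False
                self.inbox.append(self.replies["."])
            return
        verb = text.split()[0].split(":")[0].upper()
        reply = self.replies[verb]
        self.in_data = verb == "DATA" and reply.startswith("354")
        self.inbox.append(reply)

    def readline(self):
        return self.inbox.pop(0) if self.inbox else ""


# Constructed transcripts: an open relay, and one that refuses outside recipients.
OPEN_RELAY = {
    "GREETING": "220 anisurrahman.net ESMTP Sendmail 8.9.3 ready\r\n",
    "HELO": "250 anisurrahman.net Hello Pranay, pleased to meet you\r\n",
    "MAIL": "250 Sender ok\r\n",
    "RCPT": "250 Recipient ok\r\n",
    "DATA": '354 Enter mail, end with "." on a line by itself\r\n',
    ".": "250 CA55910 Message accepted for delivery\r\n",
    "QUIT": "221 anisurrahman.net closing connection\r\n",
}
RELAY_DENIED = dict(OPEN_RELAY, RCPT="550 Relaying denied\r\n")


def demo(replies):
    """Send the manual's fake mail to a scripted server; returns (queue text, lines sent)."""
    server = ScriptedServer(replies)
    result = send_mail(server, "Pranay", "pranay@example.net", "rony@anisurrahman.net",
                       "Hello Rony", "Hey boss, I am sending a fake mail over telnet.\n. Sorry..")
    return result, server.sent


if __name__ == "__main__":
    print(demo(OPEN_RELAY)[0])
    try:
        demo(RELAY_DENIED)
    except SmtpError as e:
        print("second server:", e)
```

Against a real server you would pass `sock.makefile("rw", newline="")` in place of the scripted object. Two details matter when you do this by hand over telnet as well: a body line that starts with a period must be typed with two periods (dot-stuffing), or the server will take it as the end of the message, and a server that answers RCPT TO with 550 is simply telling you it is not an open relay.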
Bingo!! I have sent a fake mail!!! I am a hacker!!! Yes!!
Well, don't think like that, because sending fake mails doesn't make you a hacker; it has nothing to do with hacking. Fake mails can easily be traced: the Received: headers the server adds to the message record the IP address you connected from, and from that your ISP can be found. Then if the victim sends a mail to [email protected] and complains about your activity, sorry boy, you may lose your ISP account.
Anyway, try sending some fake mails to yourself and get used to telnet.
Hey guys (and gals, if any), don't get excited and go hacking with telnet, because things are not as easy as they seem. I have only got into the SMTP service of anisurrahman.net; I haven't got root on it.
There are many more games you can play using telnet. For example, you can start a raw IRC session using telnet. I guess you are all familiar with IRC (Internet Relay Chat). You may use mIRC, Pirc etc. to start an IRC session, but there you don't have to do much, as the software does things for you.
I think here I need to explain some basics of IRC and how IRC servers work. To start an IRC session you need to connect to an IRC server on the port the IRC daemon is listening on. The usual ports are 6667, 7000 etc.; in mIRC, when you connect to a server, the default port is 6667.
Type /server irc.dal.net [port] in the mIRC window.
Note: in place of [port] type the port number, without the [].
If you leave it blank the default port, 6667, will be used.
This command connects you to the irc.dal.net server; then by typing /join #channelname you can join any channel and start your IRC session.
Tip: Finding out the IP address or host name of a person in an IRC session is the easiest thing. Just type /whois nickname in the channel window and you will get his/her IP address (on some servers the IP is resolved into a host name; it depends on the server).
Now I guess you are familiar with the basic IRC commands you can use in mIRC.
Now let's come to our point, i.e. starting a raw IRC session using telnet.
Many IRC warfare technique writers and others have written manuals on starting a raw IRC session using telnet, but I think they are not really intended for newbies. Here I am going to explain things in a simple, easy to understand way.
When you connect to an IRC server it identifies you only by your username and host address and asks for a nick. While using mIRC this info is supplied by the software itself, from what the user configured. But when connecting to an IRC server in raw mode, i.e. using telnet, you need to provide this info yourself. The server will also send you PING lines from time to time; you have to answer each one with PONG and the same text, or it will drop you with a ping timeout.
Note: Some servers don't allow raw IRC sessions, as they are considered a bit insecure.
Now to start, telnet into an IRC server on port 6667 or 7000.
Tip: In raw mode you don't give a / before commands as in mIRC.
Telnet>open irc.servername.net 6667
NICK <nickname>
USER <username> <hostname> <servername> :<real name>
Please note: don't type the <> signs. I have used them only to distinguish the parts you have to fill in. The server ignores the hostname and servername fields of USER, so 0 and * will do for them.
You are now connected to an IRC server using telnet. You can use the mIRC commands here, but without the /.
To send a private message the command is:
PRIVMSG <nick> :<message>
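What the raw session above amounts to once you stop typing it by hand, added here as an example and not code from the original manual: a parser for the server's lines, the NICK/USER registration, the PONG answer the server insists on, a retry when the nick is taken, and PRIVMSG. The server transcript is constructed, and irc.example.net, the nicks and the addresses in it are made up; talk() opens a real connection and is not exercised offline.

```python
"""Added example, not code from the original manual: what you have to send and
understand on a raw IRC connection (registration, PING/PONG, PRIVMSG). The
server lines are constructed; irc.example.net and the nicks are made up."""
import socket


def parse_message(line):
    """Split one IRC line into (prefix, command, params). Only the last parameter,
    introduced by ' :', may contain spaces."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, line = line[1:].split(" ", 1)
    if " :" in line:
        line, trailing = line.split(" :", 1)
        params = line.split() + [trailing]
    else:
        params = line.split()
    return prefix, params[0].upper(), params[1:]


def registration(nick, user, realname):
    """The two commands the server wants first. The 0 and * fields of USER
    (hostname/servername in RFC 1459) are ignored by servers."""
    return [f"NICK {nick}\r\n", f"USER {user} 0 * :{realname}\r\n"]


def privmsg(target, text):
    return f"PRIVMSG {target} :{text}\r\n"


class RawClient:
    """Tracks registration, answers PINGs, retries a taken nick, logs messages.
    handle() returns the lines that must be written back to the server."""

    def __init__(self, nick, user, realname):
        self.nick = nick
        self.registered = False
        self.log = []
        self.pending = registration(nick, user, realname)

    def handle(self, line):
        prefix, cmd, params = parse_message(line)
        out = []
        if cmd == "PING":        # unanswered PINGs end in "Ping timeout"
            out.append(f"PONG :{params[0]}\r\n")
        elif cmd == "001":       # RPL_WELCOME: the server accepted our NICK/USER
            self.registered = True
        elif cmd == "433":       # ERR_NICKNAMEINUSE: try another nick
            self.nick += "_"
            out.append(f"NICK {self.nick}\r\n")
        elif cmd == "PRIVMSG":
            sender = prefix.split("!")[0] if prefix else "?"
            self.log.append((sender, params[0], params[1]))
        return out


def run(client, server_lines):
    """Feed a transcript through the client; returns everything it would send."""
    sent = list(client.pending)
    for line in server_lines:
        sent += client.handle(line)
    return sent


def talk(host, port, client, timeout=60):
    """Real connection (not exercised offline): register and answer PINGs
    until the server welcomes us."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb", buffering=0)
        for line in client.pending:
            f.write(line.encode())
        while not client.registered:
            line = f.readline().decode(errors="replace")
            if not line:
                raise ConnectionError("server closed the connection")
            for reply in client.handle(line):
                f.write(reply.encode())


# Constructed server transcript: a PING, a taken nick, the welcome, a message.
SERVER_LINES = [
    "PING :irc.example.net\r\n",
    ":irc.example.net 433 * pranay :Nickname is already in use.\r\n",
    ":irc.example.net 001 pranay_ :Welcome to the Internet Relay Network pranay_!pranay@203.0.113.7\r\n",
    ":rony!rony@198.51.100.9 PRIVMSG pranay_ :are you really on telnet?\r\n",
]

if __name__ == "__main__":
    c = RawClient("pranay", "pranay", "Pranay")
    print("".join(run(c, SERVER_LINES)), c.log)
```

Note that the prefix of a PRIVMSG (nick!user@host) is where the host or IP that /whois shows you comes from, and that a real client keeps the PING/PONG loop going for the life of the session, not only until the 001 welcome.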
Now I guess you are quite familiar with the workings and usage of telnet. With telnet you can surely use the resources of a remote computer, provided you are allowed to access those resources. If not, what else is there but to hack into it?
Brief idea of telnet hacking (basics)
Generally telnet is used to connect to a particular daemon running on a particular port on a target system. The very aim of using telnet to connect to the daemons is to get root on the system. But if you are thinking that you'll connect to the SMTP server of your ISP and get root on your ISP's system, then forget it, pal. What hackers do is first port scan the target system and find out the open ports and the daemons running on them. The first line a daemon sends when you connect (its banner) usually tells you which software and version it is, and that is what you look up for known holes.
Note: you can use nmap. It is a very fast port scanner that supports the so-called SYN stealth scan, available for download with source at http://www.insecure.org. But remember, if your ISP kicks your ass for port scanning their system then don't flame me.
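The step between the port scan and the login prompt, added here as an example and not code from the original manual: connect to each open port, read the daemon's greeting, and name the service and software from it. grab_banner() needs a live host and is not exercised offline; the greetings in SAMPLES are constructed (the host names, IPs and version strings in them are made up), and identify() is the part you can run on any banner you capture through telnet.

```python
"""Added example, not code from the original manual: grab the first thing a
daemon says when you connect (its banner) and name the service from it. The
banners below are constructed; grab_banner() needs a real host and is not used offline."""
import re
import socket

VERSION = re.compile(r"([A-Za-z][\w-]+)[ _/]v?(\d+(?:\.\d+)+)")  # e.g. "Sendmail 8.9.3", "OpenSSH_5.3"


def grab_banner(host, port, timeout=5.0):
    """Connect and read whatever arrives first. Returns '' for daemons that wait
    for the client to speak (HTTP is the usual one)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("latin-1")  # one byte per char, so telnet IAC bytes survive


def identify(banner, port=None):
    """Name the service from its greeting; the port is only a hint."""
    if banner.startswith("\xff"):            # IAC: telnetd option negotiation, no text yet
        return {"service": "telnet", "software": None, "banner": ""}
    first = banner.strip().splitlines()[0] if banner.strip() else ""
    up = first.upper()
    if not first:
        service = "silent"                   # send a request (e.g. HEAD / HTTP/1.0) to provoke one
    elif first.startswith("SSH-"):
        service = "ssh"
    elif first.startswith("220") and ("SMTP" in up or port in (25, 587)):
        service = "smtp"
    elif first.startswith("220") and ("FTP" in up or port == 21):
        service = "ftp"
    elif first.startswith("+OK"):
        service = "pop3"
    elif first.startswith("* OK"):
        service = "imap"
    elif "NOTICE" in up and ("AUTH" in up or "LOOKING UP" in up):
        service = "irc"
    else:
        service = "unknown"
    m = VERSION.search(first)
    return {"service": service, "software": m.group(0) if m else None, "banner": first}


# Constructed greetings of the kind the manual talks about.
SAMPLES = {
    25: "220 anisurrahman.net ESMTP Sendmail 8.9.3/8.9.3; Sat, 1 Jun 2002 10:00:00 +0600\r\n",
    21: "220 ProFTPD 1.2.9 Server (ProFTPD Default Installation) [203.0.113.5]\r\n",
    22: "SSH-2.0-OpenSSH_5.3\r\n",
    23: b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27".decode("latin-1"),
    110: "+OK POP3 server ready\r\n",
    6667: ":irc.example.net NOTICE AUTH :*** Looking up your hostname...\r\n",
    80: "",
}


def survey(samples):
    """What a scan-then-connect pass would report, port by port."""
    return {port: identify(banner, port)["service"] for port, banner in samples.items()}


if __name__ == "__main__":
    for port, banner in SAMPLES.items():
        print(port, identify(banner, port))
```

Two things the banner does not tell you: a sysadmin can edit it to lie about the version, and a port 23 daemon greets you with option-negotiation bytes (0xff 0xfd ...) before any text, which is why the telnet client shows nothing until the login prompt arrives.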
Now suppose you have found an open port, say port 21, running an FTP server. All you need to do is telnet into the port. But things are not that easy and you won't get root easily: some FTP servers, or better to say 98% of the daemons running on a server, allow access only to valid users and ask for a username and password. In that case, when you are facing a username and password prompt, either you make the sysadmin's daughter your girlfriend and trick her into telling you the password, or you play around with other methods like brute-force password guessing, etc.
Another vulnerability existing in various daemons is the trust relationship. Servers often authenticate a user only by his IP address, on the assumption that the server has a trust relationship with the client and the client's IP is already in its list of trusted IPs (the r-services, rsh and rlogin, with their .rhosts and hosts.equiv files work this way). Now if you can spoof your IP to match one of the server's trusted IPs, you can get yourself inside the system. IP spoofing is a complicated subject, though on the face of it its definition is simply "faking your actual IP address with some other". It is not really easy to spoof your IP and exploit a trust relationship. Because the server's replies go to the trusted address and not to you, you are working blind: you never see the SYN/ACK, so you have to predict the sequence number the server put in it in order to send a correct ACK. And you have to knock the trusted client off the net with a DoS attack so that it cannot reply to the SYN/ACK packets the server sends it: a host that unexpectedly receives a SYN/ACK for a connection it never opened answers with a RST packet, which tears the half-open connection down.
Anyway, I won't go into much detail about IP spoofing since it's a very complicated subject and you have to understand it thoroughly in order to carry it out.
Note: Please don't get angry with me for using terms like SYN/ACK packets and RST packets in the above paragraph if you are not familiar with them; they are common terms in IP spoofing. I just came across a very good IP spoofing manual which you should look at: "IP Spoofing Demystified", available for download in the books section of http://blacksun.box.sk
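To make the trust-relationship attack concrete without sending a single packet, here is a toy model of it, added as an example and not code from the original manual or from the IP spoofing text it cites. Packets are dicts, the server grants a shell to one trusted address without a password, and the attack is tried with the trusted host alive or silenced and with a predictable or a random initial sequence number. The addresses and the "+64000 per connection" ISN rule are made up for the model (the latter mimics old BSD stacks).

```python
"""Added example, not code from the original manual: a toy model of the blind
TCP spoofing attack on an IP-address trust relationship described above. Nothing
is sent on the wire; packets are dicts. Addresses and the ISN rule are made up."""
import random

TRUSTED = "10.0.0.2"     # the host the server trusts by address alone
ATTACKER = "10.0.0.66"


class Server:
    """Lets TRUSTED in without a password (rsh/.rhosts style). Its initial sequence
    number is either predictable (old BSD: +64000 per connection) or random."""

    def __init__(self, trusted_ip, predictable_isn, rng=random):
        self.trusted_ip = trusted_ip
        self.predictable = predictable_isn
        self.rng = rng
        self.isn = 1_000_000
        self.half_open = {}      # client address -> ISN we put in our SYN/ACK
        self.logged_in = []

    def next_isn(self):
        self.isn = self.isn + 64000 if self.predictable else self.rng.getrandbits(32)
        return self.isn

    def receive(self, pkt):
        """Process one packet; returns the packet the server sends back, or None."""
        src = pkt["src"]
        if pkt["flags"] == "SYN":
            isn = self.next_isn()
            self.half_open[src] = isn
            return {"src": "server", "dst": src, "flags": "SYN/ACK", "seq": isn, "ack": pkt["seq"] + 1}
        if pkt["flags"] == "RST":               # "I never opened this": drop the half-open state
            self.half_open.pop(src, None)
            return None
        if pkt["flags"] == "ACK" and src in self.half_open:
            if pkt["ack"] == self.half_open.pop(src) + 1 and src == self.trusted_ip:
                self.logged_in.append(src)
                return {"src": "server", "dst": src, "flags": "WELCOME"}  # shell, no password asked
        return None


def trusted_host_reply(pkt, silenced):
    """A host that gets a SYN/ACK for a connection it never opened answers RST
    (RFC 793) unless a DoS has knocked it off the net."""
    if silenced or pkt["flags"] != "SYN/ACK":
        return None
    return {"src": pkt["dst"], "dst": "server", "flags": "RST", "seq": pkt["ack"]}


def honest_connect(server, ip):
    """Normal three-way handshake from ip; True if the server grants a shell."""
    synack = server.receive({"src": ip, "dst": "server", "flags": "SYN", "seq": 1})
    reply = server.receive({"src": ip, "dst": "server", "flags": "ACK", "seq": 2, "ack": synack["seq"] + 1})
    return reply is not None and reply["flags"] == "WELCOME"


def spoof_attack(server, silence_trusted):
    """Blind spoof: sample the ISN, then impersonate TRUSTED without ever seeing
    the SYN/ACK (it goes to TRUSTED, not to us). True if we got the shell."""
    # 1. probe from our own address to learn the current ISN, then reset
    probe = server.receive({"src": ATTACKER, "dst": "server", "flags": "SYN", "seq": 7})
    server.receive({"src": ATTACKER, "dst": "server", "flags": "RST", "seq": 8})
    guess = probe["seq"] + 64000               # next ISN, if the generator is predictable
    # 2. SYN with the trusted address as source; the SYN/ACK is delivered to TRUSTED
    synack = server.receive({"src": TRUSTED, "dst": "server", "flags": "SYN", "seq": 99})
    rst = trusted_host_reply(synack, silence_trusted)
    if rst:                                    # a live TRUSTED tears the connection down first
        server.receive(rst)
    # 3. blind ACK acknowledging the guessed ISN
    reply = server.receive({"src": TRUSTED, "dst": "server", "flags": "ACK", "seq": 100, "ack": guess + 1})
    return reply is not None and reply["flags"] == "WELCOME"


if __name__ == "__main__":
    for predictable in (True, False):
        for silenced in (False, True):
            ok = spoof_attack(Server(TRUSTED, predictable), silenced)
            print(f"predictable ISN={predictable} trusted host silenced={silenced}: shell={ok}")
```

The model shows why the attack has two preconditions and why both are gone on a modern network: the spoofed connection only survives if the trusted host is silenced (its RST wins otherwise), and the blind ACK only matches if the ISN was guessable. Randomized initial sequence numbers (RFC 6528), ingress filtering at the ISP that drops packets whose source address cannot belong to that link (BCP 38), and replacing rsh-style address trust with SSH keys each remove one leg of it.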
Well, that's it for now. The second part of this manual will be up soon. If any of you know about some more fun with telnet, let me know about it or write an article yourself and I'll be glad to publish it on HC.
Pranay
http://www.ethicalhacker.tk [email protected]
"But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world..."
("The Conscience of a Hacker", The Mentor)