How to use Telnet

  • Thread creator A__
  • Start time

A__

Super moderator
Member since
16 March 2005
Posts
4.539
Reaction points
7.214
Introduction

Ok. Telnet is a very handy terminal emulation program that ships with Windows. It is used for remote logins to other systems on a variety of daemons. In this tutorial I will discuss some uses of telnet, including port surfing to gain information, surfing the web, checking your email and sending email. I will also discuss some popular daemons.

What is a daemon

A daemon is a service that runs on a certain port and offers a specific set of rules. This set of rules is defined as a protocol. So SMTP (simple mail transfer protocol) runs on default port 25.

View HTML source and documents with HTTP via telnet

HTTP (hypertext transfer protocol) is the basis and set of rules which your web browser automates for you. When you type a domain into the address bar of your browser, it is first queried by DNS (domain name system), which converts the domain name (yahoo.com) into an IP address, and then the browser connects to yahoo.com's HTTP daemon on port 80. I will explain how you would do this process manually via telnet. Take a look at the syntax below.

open a dos prompt.
C:\> telnet www.yahoo.com 80
(this tells dos to execute telnet, connect to domain name www.yahoo.com on port 80.)

Ok, if all goes well and yahoo.com is up and alive, a connection will be established with the HTTP daemon at yahoo.com. Now let's continue with the basic command for contacting an HTTP daemon.

GET / HTTP/1.1 (by using this method you must remove the 'http://' and the 'www.yahoo.com')


Note: some hosts are more aware and disable the information which their daemons display on requests. If the GET / HTTP/1.1 command doesn't work, maybe your host is using a different version, for example:

-------- yahoo.com --------

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Wed, 04 Jul 2001 06:52:31 GMT
Content-Type: text/html
Content-Length: 87

<html><head><title>Error</title></head><body>The parameter is incorrect. </body>
</html>

Connection to host lost.

-----------------------------

Note the information we gather.
line#1: version of HTTP service: HTTP/1.1, PHP/4.0, status code.
line#2: http server, Microsoft-IIS/5.0, Apache.
line#3: date 24 hour +GMT
line#4: type of content
line#5: length of characters

The connection to the host is terminated each time. This is exactly what happens after your browser contacts a server. Another thing: you must press enter twice to initiate each request; this is just how the HTTP daemon functions.

Ok, let's try http://www.astalavista.box.sk
C:\> telnet www.astalavista.box.sk 80
GET / HTTP/1.1

----- astalavista.box.sk -----

GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Wed, 04 Jul 2001 06:51:37 GMT
Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

-----------------------------

Hmm... we get status error 400 bad request. Take a look at the server line (line#3): Apache version 1.3.19 using PHP/4.0.
Let's try again, this time using PHP/4.0:
GET / PHP/4.0


That's the GET command. Heh. Now let's say you just want to know if a certain file exists on a certain site in a certain directory. It might be a 28 meg text file, and you don't want to download the whole thing; you might just want to view a few lines of the header. This is done as so:
HEAD /wordlist.txt HTTP/1.1

Nice huh. There is another method though... this is called PUT and, you guessed it, it's to put files to a server, in a folder say, just like you would upload via FTP (file transfer protocol). Let's see how it works.
PUT /contact.htm HTTP/1.1

// why would you want to do this ?
Many reasons: sites which disable view source; getting information on HTTP daemons; whether or not that host is hosting a web site.
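The request typed into telnet above and the reply fields the tutorial reads off, as an added example (not the tutorial's code). HTTP/1.1 requires a Host header, and servers answer a request that lacks one with 400 Bad Request, so the request built here always carries one and ends with the blank line the tutorial describes as pressing enter twice. The sample reply is the IIS response quoted above, embedded as a constant so the parser runs offline; `fetch_head` does the same exchange over a real socket and needs network access.

```python
"""Hand-built HTTP/1.1 request and a parser for the response head.
Added example, not the tutorial's code; SAMPLE_REPLY is constructed from the
IIS response quoted in the tutorial."""
import socket


def build_request(method, path, host):
    """Request line, the Host header HTTP/1.1 requires, then the blank line that
    ends the request (the 'press enter twice' step). Every line ends in CRLF."""
    return (f"{method} {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n"
            "\r\n")


def parse_response_head(raw):
    """Split raw response bytes into status-line fields, a header dict keyed by
    lower-cased name (header names are case-insensitive), and the body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": code, "reason": reason,
            "headers": headers, "body": body}


def describe(parsed):
    """The five lines the tutorial annotates, pulled out by name (None if absent)."""
    h = parsed["headers"]
    return {"http_version": parsed["version"],
            "status": parsed["status"],
            "server": h.get("server"),
            "date": h.get("date"),
            "content_type": h.get("content-type"),
            "content_length": int(h["content-length"]) if "content-length" in h else None}


def fetch_head(host, port=80, path="/", timeout=5.0):
    """Do over a plain TCP socket what telnet does by hand: send HEAD and read
    until the server closes the connection. Needs network access."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request("HEAD", path, host).encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response_head(b"".join(chunks))


# Constructed from the IIS reply quoted in the tutorial; the body is joined onto
# one line, which is exactly the 87 bytes its Content-Length header announces.
SAMPLE_REPLY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Microsoft-IIS/5.0\r\n"
    b"Date: Wed, 04 Jul 2001 06:52:31 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 87\r\n"
    b"\r\n"
    b"<html><head><title>Error</title></head><body>The parameter is incorrect. </body></html>"
)

if __name__ == "__main__":
    print(build_request("HEAD", "/", "www.example.com"), end="")
    print(describe(parse_response_head(SAMPLE_REPLY)))
```

Checking that the body length matches Content-Length is the quick sanity test that the head was split at the right place; a mismatch usually means a header line was wrapped or an extra CRLF crept in.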

-- sending email using smtp via telnet --

SMTP (simple mail transfer protocol) is the daemon used to send email. Its default port is 25.

Ok, so let's try a few things. Open that trusty old telnet client again:
C:\> telnet mail.newmail.net 25

------ connected ------

220 digital Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready at Wed, 4 Jul 2001 18:47:27 +1000

-----------------------

Ok, note once again the information we receive >:P
line#1: 220 status number: digital (domain or ip of server): esmtp (extended) version 5.0.2195.1600
line#2: date 24 hour time and +1000 greenwich time GMT

Now to communicate with the SMTP daemon we'll need to know a few commands. When you establish a connection to a daemon you should always try the '?' or '/?' and 'help' commands, although some daemons don't support them.
Use this syntax to send email.

Commands

HELO server.com (x authentication)
MAIL FROM: admin@server.com (sender of which mail is from)
RCPT TO: victim@victimserver.net (destination of mail)
DATA (data contained in mail)
SUBJECT email subject (subject line)
a basic email message, sometimes can progress fake
. (to end the message on a blank line with a period)

----------------------

// why would you want to do this ?
Send fake emails... although a smart admin could examine your email headers and would soon find out your mail was generated from a fake source. To send email if no email clients are available, at college etc. Also to check what version of sendmail is running, the operating system, time and date.
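The server side of the exchange above, as an added example that is not the tutorial's code or any mail vendor's: a small state machine that takes the client lines (HELO, MAIL FROM, RCPT TO, DATA, the message, a lone period) and returns the numbered replies a telnet user would see, enforcing the command order. The Subject line is part of the message text that follows DATA rather than a command of its own, so it is recorded into the message body. The host name is a placeholder, and the greeting deliberately names no software version, unlike the Microsoft ESMTP banner quoted above.

```python
"""Minimal SMTP server-side state machine (replies only, no sockets).
Added example, not the tutorial's code; 'mx.example.test' is a placeholder."""
import re

# Accepts both "MAIL FROM:<a@b>" and the tutorial's spaced "MAIL FROM: a@b" form.
ADDR_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]*)>?\s*$", re.IGNORECASE)


class SmtpSession:
    def __init__(self, hostname="mx.example.test"):
        self.hostname = hostname
        self.helo = None
        self.in_data = False
        self.messages = []
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender = None
        self.recipients = []
        self.data_lines = []

    def greeting(self):
        # 220 plus our name only: no product or version string in the banner.
        return f"220 {self.hostname} ESMTP service ready"

    def handle(self, line):
        """Process one client line and return the reply, or None while inside
        DATA, where the server stays silent until the terminating '.'."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.messages.append({"helo": self.helo, "from": self.sender,
                                      "to": list(self.recipients),
                                      "body": "\r\n".join(self.data_lines)})
                self._reset_envelope()
                return "250 OK: message accepted"
            # Transparency rule: the client doubles a leading '.', so drop one.
            self.data_lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            parts = line.split(None, 1)
            if len(parts) < 2:
                return "501 Syntax: HELO hostname"
            self.helo = parts[1]
            self._reset_envelope()
            return f"250 {self.hostname} Hello {self.helo}"
        if verb == "HELP":
            return "214 Commands: HELO MAIL RCPT DATA RSET NOOP QUIT"
        if verb == "NOOP":
            return "250 OK"
        if verb == "RSET":
            self._reset_envelope()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence: send HELO first"
            m = ADDR_RE.match(line)
            if not m or m.group(1).upper() != "MAIL FROM":
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(2)  # empty sender is legal (bounce messages)
            self.recipients = []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence: send MAIL FROM first"
            m = ADDR_RE.match(line)
            if not m or m.group(1).upper() != "RCPT TO" or not m.group(2):
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(m.group(2))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence: send RCPT TO first"
            self.in_data = True
            self.data_lines = []
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return f"500 Command unrecognized: {verb}"


def run_dialogue(session, client_lines):
    """Drive a session with scripted client lines and return the transcript as
    ('C'|'S', text) pairs, showing both sides the way the tutorial does."""
    transcript = [("S", session.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = session.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript


if __name__ == "__main__":
    script = ["HELO client.example.test", "MAIL FROM:<admin@example.test>",
              "RCPT TO:<user@example.test>", "DATA", "Subject: hello",
              "", "a basic email message", ".", "QUIT"]
    for side, text in run_dialogue(SmtpSession(), script):
        print(f"{side}: {text}")
```

Driving the state machine out of order (DATA before RCPT TO, MAIL FROM before HELO) shows the 503 replies that a real daemon returns for the same mistakes, which is what the tutorial's telnet user would see on a typo.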

Receiving email using POP3 via telnet

Ok, so you want to check your email, at college, can't be fucked waiting until later to receive important chick email? Your dog has eaten your IE 6 CD? Whatever it be, here I will show you how to easily check and receive emails via POP3 (post office protocol version 3). POP3 usually runs on port 110 standard. So once again... open DOS or a Unix terminal.

C:\> telnet mail.newmail.net 110

------ connected ------

+OK DPOP Version number supressed. <1206.994279150@newmail.net>

-----------------------

Ok, what a fuck huh. Version number suppressed. >:P Normally you would get the version of DPOP they're running, but in this case again they have configured that.
line#1: +OK: command successful, you're connected; DPOP: type of POP server software; version number.

Alright, so now we want to check our email and see what gorgeous babes have emailed us this week. "My name's Jennifer and I've included a picture of my breasts" I mean, how did that get there. Blah. >:P
First we must identify ourselves... just like setting up a client. user:, pass: etc.

------ commands ------

USER username
+OK dazzed nice to hear from you - password required
PASS password
+OK password accepted
LIST
1. 3045bytes
2. 345bytes
3. 8837bytes
RETR 2

Using IRC via telnet

Yeah, why not. Internet relay chat is a popular chat system, blah. So you're away and your addiction to talking to those chicks can't wait... there's no IRC client anywhere... your bandwidth is tapped to 500k, lol ok.
Let's get started. You will need a shell account for this; I suggest nether.net. You can get one in about 5 mins, just:
C:\> telnet nether.net
login: newuser
once in sign up.

Ok, I'm assuming you're logged into your shell account. Now issue the command irc.
<user@nether.net> IRC
now some very basic irc commands you'll need here.
/SERVER irc.box.sk 6667
Ok, now you should see it connecting just like in a client like mIRC or BitchX. Change to your preferred nick.
/NICK Dazzed
now join your channel of choice...
/JOIN #lameindustries
Now you're set, easy huh. >:P

Port surfing

What is port surfing? Well, if you've been reading this tutorial so far you are doing just that. Port surfing is connecting to numerous ports on a host computer to find out information such as time, operating system, services running, functionality and daemon versions... especially sendmail, which is prone to exploits. Port surfing and a few trade terminal tools can get you a lot of important information about someone.
Knowing what daemons are available can open a whole variety of opportunities and places to look for vulnerabilities and holes, especially if your victim isn't security minded and very well could have services running they might not know about >:P

Some helpful ports to start on I have listed below. Also, there are many port scanners available that will scan a specific range and list all the open TCP/IP and UDP ports. You should also download a port list.
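The banner check that port surfing relies on, as an added example (not the tutorial's code): connect, read what the daemon says before you type anything, and see whether a product version is disclosed. To run offline it starts a one-shot listener on 127.0.0.1 speaking a constructed banner, so it only ever audits a service you started yourself. The two banners are modelled on the SMTP and POP3 greetings quoted above; the second shows the defensive reading, a daemon configured so that no version is visible. Note that the POP3 banner's `<1206.994279150@newmail.net>` token is an APOP timestamp, not a version, which is why the check strips angle-bracketed tokens first.

```python
"""Grab a daemon banner over TCP and check whether it leaks a version.
Added example, not the tutorial's code; the banners and the loopback listener
are constructed here so the script runs offline."""
import re
import socket
import threading

# A dotted version number such as 5.0.2195.1600 (two to four numeric parts).
VERSION_RE = re.compile(r"\b\d+(?:\.\d+){1,3}\b")


def grab_banner(host, port, timeout=3.0, max_bytes=512):
    """Connect and return what the daemon sends unprompted, as telnet would show
    it; '' if it waits for the client to speak first (HTTP daemons do)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(max_bytes)
        except socket.timeout:
            return ""
    return data.decode("iso-8859-1", errors="replace").rstrip("\r\n")


def disclosed_version(banner):
    """Return the version string a banner leaks, or None if none is visible.
    Angle-bracketed tokens (APOP timestamps, message ids) are not versions."""
    stripped = re.sub(r"<[^>]*>", "", banner)
    m = VERSION_RE.search(stripped)
    return m.group(0) if m else None


def serve_banner_once(banner):
    """Start a one-shot listener on an ephemeral loopback port that sends
    `banner` to the first client and closes. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner.encode("iso-8859-1") + b"\r\n")
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


# Constructed banners: CHATTY mirrors the SMTP greeting quoted in the tutorial,
# QUIET mirrors its version-suppressed POP3 greeting.
CHATTY = "220 digital Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready"
QUIET = "+OK DPOP Version number supressed. <1206.994279150@newmail.net>"


def audit(banner):
    """Serve `banner` locally, grab it back over TCP and report what it discloses."""
    port = serve_banner_once(banner)
    seen = grab_banner("127.0.0.1", port)
    return {"banner": seen, "version": disclosed_version(seen)}


if __name__ == "__main__":
    for b in (CHATTY, QUIET):
        print(audit(b))
```

Pointed at a port of your own host, `grab_banner` returns exactly the first line the tutorial reads off in each of its telnet sessions, and `disclosed_version` tells you whether that line is giving away a version you would rather configure away.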

Interesting ports

port  service  description
7     echo     whatever you type in, the host repeats back to you. not really useful.
11    systat   lots of info on users
13    daytime  time and date at computer's location
15    netstat  info on networks
21    ftp      transfers files
23    telnet   where you log in.
25    smtp     forge email
37    time     time
39    rlp      resource location
43    whois    info on hosts and networks
53    domain   nameserver
79    finger   lots of info on users (mostly disabled)
80    http     web server
110   pop      incoming email
119   nntp     usenet news groups -- forge posts, cancels
443   https    another web server. the secure server one.
512   biff     mail notification
513   rlogin   remote login; who: remote who and uptime
514   shell    remote command, no password used!; syslog: remote system logging
520   route    routing information protocol
 
