telnet as hacking tool..?

[naughty_prince]

1st of all thanx to all those friends who helped me previously in understanding telnet basics. But one of my friend told me that telnet can be used as a hacking tool when you've a port open in your system and other person know your ip address and open port, he/she can be connect you remotely and do whatever he want, doesn't matter whether you've given him permission or not. Is it true? if yes than how can i save my ass.

[SodaMoca5]

This is not accurate. For this to work Telnet must be enabled on your machine, the attacker must have a username and password as well. Also your machine will listen for telnet on the telnet port unless you have modified it to a higher port (port redirection). If you don't want people to telnet then disable it or disable the telnet ports.

However, if the person has all the information they need: IP, telnet access, user name and password then they will still be restricted by the rights of the user. If this user has root or admin privileges then they have total control. If not they may still be able to plant a trojan or virus to give them those privileges when it is activated or when it logs the root username and password.

Personally I don't think telnet is a very viable hacking tool. It is a very useful networking tool and tests the higher layers of the protocol stack (ping only tests up to layer 2 effectively). If some of the others here know something about telnet which I don't (a very real possibility considering the expertise on this site) please let me know.

[Angrys Back]

oh man...
the remote machine would have to be running a service that telnet could talk to , and telnet cannot talk to every service. there are many it can talk to, but for the average windows home user
there is not much of a threat that youll get attacked via a telnet session. however it is true in some instances that you dont have to be given permission-but that depends on what service you are connecting to and how that service is configured or misconfigured.

as for a telnet to telnet connection you must provide a username and password AND the machine you are connecting to must have the telnet daemon running something that isnt on by default.

[roswell1329]

If your system has any open ports that are "listening" to traffic, there is always the potential for a security breach. For example, if you are running an SMTP server that is "listening" on port 25, it is possible for someone to find a way to use that port to gain access to your system. One of the simplest ways for this has been to use telnet in the hopes that the service running on that port has some kind of interactive interface you can exploit to do what you want. Try using telnet to connect to your SMTP port like this:

telnet myhost.com 25

You'll see that the SMTP service has an interactive interface that will accept commands and output results. You're basically mimicking how an email program (like Eudora or Outlook Express) is connecting to the server to send out it's email. See if you can figure out how to send email just using the interface.

To protect yourself against attempts to access your system through these ports, take a moment to evaluate what you want your machine to be doing. If you're not using it as an SMTP server, or an FTP server, or an HTTP server, etc., turn those ports off! For those services that you must run, make sure they are fully updated with any security patches available.

[alittlebitnumb]

I have heard Telnet sessions can be sniffed and attackers record things such as usernames/passwords to gain access to a target, which is MUCH easier than trying to use telnet to attack directly. That is why many suggest using ssh instead of telnet.

Hope this helps.

[roswell1329]

alittlebitnumb -- Absolutely correct. If you've never seen how simple it is to sniff a password off the network, try using this simple little sniffer. Just start running it right before you connect to some server using FTP or telnet. Then go back and look at the packets in DEC to see (in marvelous plain-text) your username, password, and commands go zooming by. Scary stuff. You'll never go back to un-encrypted again!

[nebulus200]

ALong the lines of what Roswell has already said, you can use telnet to talk to programs on various ports, assuming you know how to 'talk' to the protocol running on that port (he gave example of SMTP or port 25) another good one is port 80 (http). I have often used telnet in the past to talk web servers to do a get (one good reason was back when code red started kicking off, I could go to the page and see if it was infected at no risk to my computer).

I am assuming that you are running some kind of flavor of Microsoft. If you happen to be running something like NT/2K/XP, shut down as many services as possible without effecting your ability to use your computer. In addition, (or for that matter, if you are running any microsoft product) you should install a personal firewall, my recommendation would be zone alarm if you are new to firewalls, agnitum outpost if you are somewhat familiar with them (both free, outpost is more granular but also more complex).

If by some chance that you are running some flavor of unix, check your startup scripts and disable as many as those services as possible. Check in inetd.conf and disable as many, if not all, of the services listed there (you may need some for example if you run some flavour of X). Any service that you can not turn off/disable, you should wrap (check out tcp_wrappers). This should do a pretty effective job of limiting (if not eliminating) someones chance of getting in through any remote port (which is what they might use telnet for).

/Neb

[naughty_prince]

thanx buddy, you've mentioned "Telnet must be enabled on your machine, the attacker must have a username and password as well". well would you plz tell me the detail of this plz. I m using windows98 and logon using default user without any password. I don't have any port blocker installed. Unfortunately one hacker ( a friendly one of course) has warned me that he'd destroy my system. Can he connect at any open port using telnet, or there is a single port associated with my system, and plz explain me what do you mean by "attacker must have a user name and password". i'll wait for answer. and thanx for such help.

[LoggOff]

by saying that you only use the default username and no password then you have a world of posibilitys open to them. if your in win98 then theres not much in the way of restricting access to your computer if you are running a telent server...... win98 dosnt have a telent server (correct me if im wrong) so unless you put a server program on your machine then you probly dont have a telent port open. if the server that you have installed detects that windows is open up like that (no username and pasword) then it will probly not even prompt for it. if it dosnt detect that then itll still prompt but all they do is hit enter twice and there in.......

best advice, dont run a server if you dont know how to secure it. if you still have to then atleast use a password if not change usernames also.......

[nebulus200]

thanx buddy, you've mentioned "Telnet must be enabled on your machine, the attacker must have a username and password as well". well would you plz tell me the detail of this plz. I m using windows98 and logon using default user without any password. I don't have any port blocker installed. Unfortunately one hacker ( a friendly one of course) has warned me that he'd destroy my system. Can he connect at any open port using telnet, or there is a single port associated with my system, and plz explain me what do you mean by "attacker must have a user name and password". i'll wait for answer. and thanx for such help.

Ok, you have brought up several issues here...

using windows98 and logon using default user without any password

Windows 98 has no builtin security, period. So even if you changed users/passwords, it really wouldn't buy you anything. In respects to someone getting in through telnet, win98/95 do not support this kind of access (although there are numerous other ways to get in other than telnet.

Can he connect at any open port using telnet, or there is a single port associated with my system,

This is actually two questions. So, yes, anybody can use telnet to connect to any open port on your computer. What they are able to do after that point depends on what service they have connected to (http, smtp, telnet, etc) and the persons knowledge of the protocol. Every well known service (telnet, http, smtp, ftp, etc) runs on a well known port, telnet runs on port 23. So if someone wanted to telnet to your computer (and you were running a telnet daemon), they would connect to port 23 on your computer; however, telnet is somewhat versatile and is able to talk to other daemons (programs that listen/bind to a network port and then can interact over the network) for example http (which runs on port 80), and if they wanted to talk to the http daemon, they would just telnet to port 80 instead of port 23.

"attacker must have a user name and password"

This is true, only if the program listening to that port requires one. The telnet daemon does, and if they wanted to telnet to your computer (and you were running it), they would have to enter a username and password. However, win98 doesn't support this unless you have installed a 3rd party package. There are plenth of other programs running on different ports that do NOT require usernames/passwords, and what the person is able to do on those ports depends on the program listening to the port, and the person that connected to them's understanding of the program.

My original recommendation stands, install a personal firewall. This will block out most people from getting to your computer (if not all). And from the sounds of it, someone might have already installed a backdoor on your computer, you might want to get a good trojan scanner and some anti-virus software.


Hope this helps out a little,

neb