• Default Telnet port. Basic telnet commands and features of the remote access utility

    Not all computer users are aware of the presence of hidden services that allow you to perform various operations without using special software. The Telnet service is present in Windows and Linux operating systems. This material will discuss in detail the purpose of the service, commands, capabilities and how to work with it correctly.

    What is Telnet

    Telnet is a means of communication established between terminal devices. A simple example of such a connection is a personal computer and a server that supports this type of connection. Telnet is not a piece of software; it is a communication protocol. It should be noted, however, that there are utilities that work over the “terminal network” protocol.

    In the recent past, Telnet was one of the main ways to connect to the network. Now the utility is practically not used. Today, operating systems have more advanced protocols installed, eliminating any additional actions from the user.

    This communication protocol is used for some operations:

    • connecting to a remote desktop;
    • checking ports for connectivity;
    • using software that is only available on remote machines;
    • using system directories that can only be opened with this type of protocol;
    • sending email without additional software;
    • allowing other users to gain access to your personal computer.

    Installation and launch

    There is no need to download the utility; Telnet is built into Windows 7/8/10 by default.

    Installation and startup instructions:

    In order to start the client you need to open the command line:


    Port check

    Checking a network port for access to a personal computer via Telnet:

    • in the window, enter the command telnet ip;
    • next, enter the IP address of the computer, for example, 192.168.1.1. You can view the address in the settings of your network router;
    • finally, enter the FTP port “21”. The command will thus look like this: telnet 192.168.0.1 21;
    • after that, an error message will appear if the port is unavailable, or a prompt to enter additional data if the port is open.

    Telnet Commands

    Utility commands are the way to interact with it. To display a list of all commands, enter “help”. Next, we will look at the main commands in detail:

    • "open" - connects to a remote server;
    • "close" - terminates the connection to a remote server;
    • "set" - sets server connection parameters;
    • "term" - specifies the terminal type;
    • "escape" - sets the control character;
    • "mode" - selects the operating mode;
    • "unset" - resets previously entered parameters;
    • "start" - starts the server;
    • "pause" - temporarily stops server operation;
    • "continue" - resumes server operation after a pause;
    • "stop" - stops the server completely.

    Telnet on Linux

    Like Windows, Telnet is built into the Linux operating system. Previously the Telnet protocol was used as the standard; now it has been replaced by the more advanced SSH. As with the previous OS, the utility in Linux is used to check ports, routers, etc.

    Let's look at the main operating modes:

    • “line by line”. This mode is recommended. Here the request is edited on the local PC and is sent to the server only when it is ready;
    • “character-by-character”. Every character typed in the console window is sent to the remote server. You cannot edit the text here. When you delete a character using “Backspace”, that is also sent to the server.

    Basic commands in Linux:

    • “close” — interrupt the connection;
    • “encrypt” — enable encryption;
    • “logout”—turn off the utility and close the connection;
    • “mode” — selection of operating mode;
    • “status” — connection status;
    • “send” — sending a telnet request;
    • “set” — setting server parameters;
    • “open” — connection to a remote server;
    • “display” — display of special characters.
    • in the console window, enter a request to check server availability, for example, "telnet 192.168.1.243";
    • next, check access to the port by entering the requests “telnet localhost 122” and “telnet localhost 21”. A message will appear on the console screen indicating whether either of the ports is accepting the connection;
    • an example of remote control using telnet: enter the request “telnet localhost 23” in the main window. "23" is the default port. For remote control, "telnet-server" must be installed on the local computer. After this, a message will appear asking you to enter your login and password.

    Disadvantages of Telnet

    The main disadvantage of this protocol is that the remote connection does not use encryption. The only security measure is the authorization of users in the telnet session. Nevertheless, the login and password are also transmitted in unencrypted form, so access to them can be obtained one way or another. It is strongly recommended not to transmit any important data over local networks.

    Telnet is not an internal or external command

    This error appears if the client is not installed on the personal computer. You need to do the following:


    Second way:


    The application layer protocol TELNET (from English TErminaL NETwork) is a network protocol for implementing a text interface over the network. The name telnet was also given to the client programs that implement this protocol for almost all existing operating systems. The Telnet protocol is one of the oldest network protocols, developed as a means of communication between remote terminals in test mode. Therefore, it provides neither data encryption nor modern authentication tools. The protocol is vulnerable to many network attacks and cannot be used as a tool to manage network operating systems. Currently, the SSH (Secure SHell) network protocol, which was created with a specific focus on security, is used for remote access to systems. Telnet sessions are relatively secure only in a fully controlled network environment or when security is applied at the network level (various implementations of VPN, virtual private networks). However, TELNET is still used to manage specialized network devices (switches, routers, etc.), as well as for network diagnostics, debugging, and studying other text-oriented (telnet-like) protocols based on the TCP transport. The current Telnet protocol standard is described in RFC 854.

    In modern operating systems of the Windows family, the telnet.exe utility is not installed by default. To install it, go to Control Panel - Programs and Features - Turn Windows features on or off and check the box for Telnet Client. Or, in a command prompt running as an administrator, run the command:

    pkgmgr /iu:"TelnetClient"

    Command line format:

    telnet [-a][-e Symbol][-f File][-l Name][-t Type][Host [Port]]

    Command line options:

    -l Username for logging in to the remote system, provided that the TELNET ENVIRON option is supported.

    -a Attempt automatic login to the system. Like the -l switch, but uses the name of the currently logged-in user.

    -e Escape character for switching the input mode in the telnet client window.

    -f Client-side log file name. In the Russian help, this parameter is incorrectly interpreted as Login_File - “File name on the client side for logging into the system.”

    -t Telnet terminal type. Four terminal types are supported: vt100, vt52, ansi and vtnt.

    Host The host name or IP address of the remote computer to which you are connecting.

    Port Port number or service name. If the number is not specified, the standard Telnet port 23/TCP is used.

    When launched without parameters, the utility goes into command input mode:

    Welcome to the Microsoft Telnet Client

    Microsoft Telnet>

    When the ? character or help is entered, help information is displayed:

    Commands may be abbreviated. Supported commands are:

    c - close - close the current connection

    d - display - display operation parameters

    o - open hostname [Port] - connect to the site (by default, Port = 23)

    q - quit - exit telnet

    set - set - set parameters ("set ?" to display a list of them)

    sen - send - send strings to the server

    st - status - display information about the current state

    u - unset - reset parameters ("unset ?" to display a list of them)

    ?/h - help - display help

    Some of the commands display usage hints when entered with a question mark:

    Telnet> set ? - get a hint on using the set command. Example of the information displayed:

    bsasdel - the BackSpace character will be sent as Delete

    crlf - carriage return mode; causes the CR & LF characters to be sent

    delasbs - the Delete character will be sent as BackSpace

    escape x - where x is the character for switching to telnet terminal mode and back

    localecho - enable local echo.

    logfile x - where x is the log file. In the Russian translation it is incorrectly rendered as “Current client login file”

    logging - record the current session in the log. In the Russian translation it is incorrectly rendered as "executing a login"

    mode x - where x=console is the console mode used for working with windowed applications (vi editor) and x=stream is the streaming mode used for working on the command line.

    ntlm - enable NTLM authentication.

    term x - type of emulated terminal, where x is ansi, vt100, vt52, or vtnt.

    For hints on cancelling set parameters, use the command

    Microsoft Telnet> unset ?

    bsasdel - the BackSpace character will be sent as Delete

    crlf - line feed mode; causes the CR character to be sent

    delasbs - the Delete character will be sent as Backspace

    escape - the character for switching to telnet terminal mode and back is not set

    localecho - disable local echo

    logging - disable log recording. In the Russian-language version it is incorrectly rendered as "disabling login"

    ntlm - disable NTLM authentication.

    Examples of commands in interactive mode:

    open 192.168.0.1 - connect to the Telnet server with the IP address 192.168.0.1

    o zte-f660 - connect to a Telnet server named zte-f660. The abbreviated form of the open command is used

    set logfile C:\telnet.log - use C:\telnet.log as the log file

    set logging - record the current session to a log file.

    display - display the parameters of the current session. Example of the information displayed:

    Mode switch symbol: "CTRL+]"

    NTLM Authentication - Enabled

    Local echo output - disabled

    New line mode - the ENTER character will be sent as CR & LF

    Current mode: Streaming

    TERMINAL MODE

    Preferred ANSI Terminal Type

    In practice, the telnet.exe utility is used as a diagnostic and debugging tool to connect not only to a Telnet server on TCP port 23 but also to any other TCP port, which allows interaction with any application controlled through a command line. So, for example, using telnet you can connect to servers that support text (telnet-like) input of commands and data: SMTP, POP3, IMAP, etc. In addition, the utility can be used as a rough check of connectivity to any TCP port (checking whether a specific TCP port is being listened on).

    telnet 192.168.1.1 8080 - connect to host 192.168.1.1 on port 8080. If the port is closed, the utility will report that the connection is impossible. Moreover, to check the availability of a port, it need not even be listened to by a service that supports text input; a VNC server, for example, will do. To disconnect from the remote server, enter the mode switching character (by default, CTRL+]).

    The telnet.exe utility can be used, for example, to communicate with a mail server over the POP3 protocol (Post Office Protocol ver. 3). This protocol is used by email clients (Outlook, Outlook Express, The Bat, etc.) to receive email stored in the user's mailbox. It is a very simple protocol based on the exchange of text messages. To study the interaction between a mail client and a mail server, you can run a connection session using TELNET.

    By default, the POP3 server listens for incoming TCP connections on port 110 ("listens" on port tcp/110). The telnet command to connect to a server, for example pop.mail.ru:

    telnet pop.mail.ru 110

    If the server is healthy, its greeting will appear in the telnet window

    +OK mPOP POP3 v1.1

    user [email protected]

    After that, the server will prompt you to enter a password:

    +OK Password required for user [email protected]

    You need to enter the password

    pass VasinPass

    The server will report the result of the password check:

    You can request a list of letters with the list directive:

    list

    In response, the server will display the list and sizes of the letters in the mailbox:

    +OK 10 messages (152527 octets)
    1 48628       (1 is the serial number, 48628 is the size)
    2 1829
    3 2070
    :

    If necessary, you can view the headers of the letters. To do this, use the command top followed by the sequence number, a space, and the number of lines from the message body

    top 2 0

    In response to this, you will see the header of the letter containing service information about the sender, date of sending, return address and some other data:

    Received: from (HELO mx1.ks.pochta.ru) by node7-1.ks.pochta.ru with QIP.RU LMTP
    for [email protected];
    Fri, 08 Apr 2011 15:18:33 +0400
    Received: from mx3.softkey.ru ()
    : :

    To receive a letter, use the directive retr followed by the sequence number

    retr 2 - receive the letter with serial number 2

    To delete a letter, use the directive dele followed by the sequence number. For example, to remove the 2nd letter from the list returned by the list directive:

    If the deletion was successful, the server will display the following message:

    +OK message 2 deleted

    Sometimes the TELNET command can also be used to identify the service listening on the specified port, since many services display either their banner or specific service information on connection. For example, the FTP server greeting:

    220-FileZilla Server version 0.9.43 beta

    220-written by Tim Kosse ( [email protected])

    220 Please visit http://sourceforge.net/projects/filezilla/

    And this is what the screen looks like when connecting to the RealVNC server:

    RFB 003.008
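
    The manual "telnet host port" check and the banner reading described above, as a small script for inventorying hosts you administer. This is an added example, not code from the original article; the signature entries beyond the three greetings quoted here, the function names and the localhost stand-in servers are assumptions made for the illustration.

```python
import socket
import threading

# Greeting prefix -> service. The first three greetings are quoted on this
# page; the SSH and telnet entries are additions for comparison.
SIGNATURES = [
    (b"220", "ftp/smtp"),   # "220-FileZilla Server ..."
    (b"+OK", "pop3"),       # "+OK mPOP POP3 v1.1"
    (b"RFB ", "vnc"),       # "RFB 003.008"
    (b"SSH-", "ssh"),
    (b"\xff", "telnet"),    # IAC (0xFF): telnet servers usually open with option negotiation
]
# Services whose login, as greeted on a plain TCP port, is sent unencrypted.
CLEARTEXT_LOGIN = {"telnet", "ftp/smtp", "pop3"}


def probe(host, port, timeout=2.0):
    """TCP connect check. Returns (state, first bytes the service sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(256)
            except OSError:        # timeout or reset: port is open, no greeting
                banner = b""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", b""
    except OSError:                # timeout, no route, name resolution failure
        return "unreachable", b""


def classify(banner):
    """Guess the service from the start of its greeting."""
    for prefix, service in SIGNATURES:
        if banner.startswith(prefix):
            return service
    return "unknown"


def audit(host, ports, timeout=2.0):
    """One row per port: state, guessed service, cleartext-login flag."""
    rows = []
    for port in ports:
        state, banner = probe(host, port, timeout)
        service = classify(banner) if state == "open" else None
        rows.append({"port": port, "state": state, "service": service,
                     "cleartext_login": service in CLEARTEXT_LOGIN})
    return rows


def serve_banner(banner):
    """Constructed stand-in for a real service: greets one client on localhost."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def demo():
    """Audit four local stand-ins plus one port with no listener."""
    banners = [b"220-FileZilla Server version 0.9.43 beta\r\n",
               b"+OK mPOP POP3 v1.1\r\n",
               b"RFB 003.008\n",
               b"\xff\xfd\x18"]            # constructed: IAC DO TERMINAL-TYPE
    ports = [serve_banner(b) for b in banners]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                          # nothing listens here any more
    return audit("127.0.0.1", ports + [closed_port])


if __name__ == "__main__":
    for row in demo():
        print(row)
```

    Rows with cleartext_login set mark the services worth moving to SSH or a TLS-wrapped equivalent.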

  • The recent largest DDoS attack on Dyn's DNS servers (on Habr). A feature of this blackout was the widespread use of HTTP requests from IoT devices and the open TCP port 23 used by the telnet service.


    It turns out telnet is alive and has settled in well on embedded systems and honeypots. Is it due to malicious intent or human thoughtlessness? What is this, stupidity or treason? The telnet port was open and doing all kinds of shit on a huge number of IoT devices for several months before the blackout, but no countermeasures were taken until the thunder struck.

    Theoretical minimum

    Vulnerability CVE-2016-1000245 is simply a disaster. All devices have the same root password, xc3511, which cannot be changed because there is no passwd command on the system. The telnet service is enabled and cannot be disabled from the settings, unless you delete the init script from /etc/init.d/rcS.


    /etc $ cat passwd
    root:absxcfbgXtb3o:0:0:root:/:/bin/sh
    /etc $ cat passwd-
    root:ab8nBoH3mb8.g:0:0::/root:/bin/sh

    All internet-capable XiongMai Technology boards running the DVR/NVR CMS (Also known as
    NetSurveillance) enable the telnet service to run on the primary ethernet interface. This service
    is run via /etc/rcS and cannot be disabled. The user "root" has a hardcoded and immutable
    password of xc3511. These systems do not have the "passwd" tool installed and the root
    password cannot be changed from command line nor from the web interface.
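
    The three conditions the advisory describes can be checked statically on an unpacked firmware image: a uid 0 login account whose legacy DES-crypt hash sits in /etc/passwd, no passwd tool to change it, and telnetd started from the init script. The following is an added example, not code from the advisory or from the post; the rcS contents, the file lists and all function names are constructed for illustration, and only the passwd line is taken from the text above.

```python
import re

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")   # 2-char salt + 11-char hash
MODULAR = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
PASSWD_TOOL = re.compile(r"(/usr)?/s?bin/passwd")
TELNETD = re.compile(r"(^|[\s/;&])telnetd(\s|[;&]|$)")


def hash_scheme(field):
    """Name the scheme of the password field of a passwd/shadow entry."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"
    if field[0] in "*!":
        return "locked"
    if field.startswith("$"):
        return MODULAR.get(field.split("$")[1], "modular-crypt")
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"          # traditional crypt(3): only 8 characters count
    return "unknown"


def login_accounts(passwd_text):
    """Yield (name, uid, scheme) for every account that has a login shell."""
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            continue
        name, pw, uid, _gid, _gecos, _home, shell = parts
        if shell not in NOLOGIN:
            yield name, int(uid), hash_scheme(pw)


def starts_telnetd(rc_text):
    """True if any non-comment line of an init script launches telnetd."""
    return any(TELNETD.search(line.split("#", 1)[0])
               for line in rc_text.splitlines())


def audit_image(files):
    """files: {path: text} of an unpacked image. Returns sorted finding codes."""
    findings = set()
    for name, uid, scheme in login_accounts(files.get("/etc/passwd", "")):
        if uid == 0 and scheme in ("des-crypt", "empty"):
            findings.add(f"uid0-{scheme}:{name}")
    if not any(PASSWD_TOOL.fullmatch(path) for path in files):
        findings.add("no-passwd-tool")
    for rc in ("/etc/init.d/rcS", "/etc/rcS"):
        if starts_telnetd(files.get(rc, "")):
            findings.add(f"telnetd-at-boot:{rc}")
    return sorted(findings)


# Constructed samples. The first passwd line is the one quoted above; the rcS
# contents and the file lists are invented for this illustration.
VENDOR_IMAGE = {
    "/etc/passwd": "root:absxcfbgXtb3o:0:0:root:/:/bin/sh\n",
    "/etc/init.d/rcS": "#!/bin/sh\nmount -a\ntelnetd &\n",
    "/bin/busybox": "",
    "/bin/sh": "",
}
HARDENED_IMAGE = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/sh\n",
    "/etc/init.d/rcS": "#!/bin/sh\nmount -a\n# telnetd &\n",
    "/usr/bin/passwd": "",
}

if __name__ == "__main__":
    print(audit_image(VENDOR_IMAGE))
    print(audit_image(HARDENED_IMAGE))
```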

    Vulnerability CVE-2016-1000246 is not inferior to the first one. You can bypass entering the account name and password if you go in via http://_IP_/DVR.htm.


    Many known XiongMai DVRs, NVRs and IP Cameras run "CMS" (also called NetSurveillance) built by XM Technologies. This software is also used by all downstream vendors of XiongMai Technologies. The login page for these devices can be bypassed by simply changing the URL from http://_IP_/Login.htm to http://_IP_/DVR.htm . This allows you access to view all the camera systems without authentication. Furthermore, there is no logging on the system so user management is not possible. The web-server version on all affected products is the same; “uc-httpd”. All products currently affected by CVE-2016-1000245 are also vulnerable to the authentication bypass.

    I hope that these same XiongMai and Dahua are not installed at our airports.

    Results

    Telnet turned out to be very tenacious and even decades after the appearance of ssh it is in no hurry to leave the scene. It is quite suitable, even useful, if used for its intended purpose - within line of sight between the client and the server. The point, however, is that telnet broke free from the server room, like a genie from a bottle, and has already begun to play pranks. Whose fault was this?


    From my fence I see it like this. Firstly, the main blame lies with the unfortunate manufacturers of leaky IoT devices and embedded systems, all these XiongMai and Dahua. It’s belated, but the manufacturer is recalling IP cameras from sale. However, a quick review of the news shows that the PR departments of Chinese companies and employees of the Ministry of Commerce do not eat their bread for nothing.


    I know this department! They issue passports to just about anyone!

    Secondly, of course, the regulatory authorities are to blame - those who certify them and give a positive conclusion. From the Rapid7 report.


    These results all speak to a fundamental failure in modern internet engineering. Despite calls from the Internet Architecture Board, the Internet Engineering Task Force, and virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design. Cleartext protocols “just work,” and security concerns are doggedly secondary.

    Thirdly, the contractors and integrators who planted the world with these CCTV cameras.
    If legislative measures are not taken to regulate the IT security of Internet devices and video cameras, then blackouts will become more frequent and worse, like kaiju.





    P.S. While I was typing the text, I had a strong desire to check my home router with nmap and other tools. I checked and calmed down, but apparently not for long.


    As you can already see if you read my post about setting up Telnet on Windows, working with this service is quite easy. You can run it without arguments, specifying only the host system address on the command line. Under certain circumstances, you still need to specify a particular port. The first message the user sees after executing the “telnet” command is sent by the program itself, and after communication is established between the client and the server, messages originating from the managed system are displayed. In this respect, you can work with a remote operating system via Telnet in the same way as with other specialized programs for remote access to the OS. Now let's take a closer look at this service and at the most commonly used Telnet commands.

    The Telnet command line on a Windows client can accept the following commands:

    open node port – used to establish a connection with a given node;

    close – closes an existing connection;

    quit – exit the current Telnet session;

    display – allows you to view the current Telnet client settings;

    set – sets Telnet parameters for the current session, specifically:

    • set ntlm enables NTLM (using the NTLM authentication integrated into Telnet when a user connects from a remote computer avoids entering a login and password when logging in);
    • set localecho enables local command output mode;
    • set term vt100/vt52/vtnt/ansi sets the specified terminal type (for example, VT100 is used to run regular command-line programs, and VTNT to run advanced programs such as “edit”);
    • set escape character sets the key sequence that switches from session mode to command mode (for example, typing set escape, then pressing “Ctrl+P” and “Enter”, sets Ctrl+P as the switch);
    • set logfile filename specifies the log file for the current Telnet activity (this file must be in the file system of the controlling computer);
    • set logging enables logging (the log file must be specified in advance with the command above, otherwise an error message will appear);

    unset – disables various Telnet session options (the inverse of set), namely:

    • unset ntlm will disable integrated authentication;
    • unset localecho deactivates local command output mode;

    status – used to check if there is a connection to the Telnet client;

    enter – used to go to an existing connected Telnet session;

    ? or help – displays help information.

    Once you are done with your work on the remote machine, you will need to close the connection to it. However, Telnet itself does not always complete its work. To exit to the Telnet command line, use the hotkeys “Ctrl+]”.

    Using the telnet command makes it possible to establish a communication channel with computers at a distance. And the utility itself is almost a kind of browser emulator in the terminal, supporting several network protocols.

    In the past, telnet was often used to manage PCs running the Linux operating system. And now, using the same utility, they test the network, check ports, manage routers and other IoT devices.

    Features of the utility

    Although the main purpose of telnet is to create connections between PCs that are remote from one another using the protocol of the same name, the utility can also be used to work with other services. For example, to access POP3, HTTP, IRC or SMTP.

    After all, these and some other services operate on top of the TCP transport protocol, which a telnet client can be used to work with. Although this is not always recommended because of a number of undesirable effects, for example, insecure data transmission or data distortion.

    Fig. 1. Enabling the telnet utility in Windows.

    The telnet command syntax for connecting to a remote computer looks like this: $ telnet (options) (host) (port).

    The host is the domain of the computer to which the connection is made. Port is the port on the computer through which access is made. The options can be as follows:

    • -4 and -6 enforce the use of ipv4 and ipv6 addresses, respectively;
    • -8 makes it possible to use 8-bit encoding;
    • -E disables support for escape sequences;
    • -a automatically registers the user on the remote system;
    • -d enables debugging mode;
    • -p enables rlogin emulation;
    • -e sets the initial escape character;
    • -l authorizes the user in the system.

    After a connection to the remote host is established, the telnet utility begins working in one of two modes - line by line or character by character.

    The first option is preferable because the text can be edited directly on the local PC and is sent only after the user has entered all the information.

    The disadvantage of line-by-line mode is that some services do not support it, whereas character-by-character mode can be used in any case. However, when using it, all information is sent to the remote PC instantly.

    And if the user makes a mistake, it will be impossible to correct it, since even spaces and Backspace are sent to the server as characters.

    Basic commands

    When working with the telnet protocol, the user enters the appropriate commands into the console. The most popular include the following:

    • OPEN (PC name) (port). Allows you to communicate with the computer whose name is specified in the command. If you do not specify a port, the utility will try to use the default number. Sometimes an IP address is given instead of the PC name;
    • DISPLAY (argument). Command to display a full or partial set of telnet utility parameters;
    • CLOSE. Designed to close the telnet session and return the system to command mode;
    • QUIT. Command to end all open connections and exit telnet;


    Fig. 2. Using the Quit command in the MS Telnet client.

    • MODE TYPE. Used to select one of the two input modes (character-by-character or line-by-line). A request is sent to the remote computer to switch to the specified mode and, if the service supports it, the switch is made;
    • STATUS. Displays the current status of the utility, the name of the remote PC and the exchange mode;
    • ? (command). Reports information about the corresponding command sequence. It is needed when the user is going to use a command that is unfamiliar to him;
    • ! (command). Executes a command sequence on the local system;
    • SEND ARGUMENTS. Sends character arguments to the remote PC;
    • ESCAPE. Sends one of the escape characters such as comma, bracket, or caret (^);
    • SYNCH. Sends a synch sequence that allows you to cancel all commands typed but not yet sent. Used only in line-by-line mode;
    • BRK. Sends a break sequence when the Break key is pressed.

    All of these commands are basic, although their total number is much larger. However, due to the rather rare use of this utility, the easiest way to find a complete list of them is by entering HELP in the terminal.

    And, after displaying the full list, get reference information about each command sequence using the "?" command. Although, for example, for the telnet client in Windows the list may be shortened.


    Fig. 3. List of telnet commands in the Microsoft client.

    Conclusions

    The need to use commands in the telnet utility arises less and less these days. However, it is worth knowing some of them, at least to gain access to network equipment. For example, to switches, routers or even to web cameras.

    Thus, even this relatively outdated and insecure protocol can be useful for ordinary users and, even more so, for specialists. True, to work with it you will need not only knowledge of the list of commands, but also some experience in working with the command line.