7.29.2008

Telnet Tools and Settings

Telnet Server tools and settings determine how Telnet Server handles auditing, authentication, idle session time-out, and other remote command console session options. Usually, you do not need to configure Telnet Server options to connect a Telnet client to Windows Server 2003-based Telnet Server: the default Telnet Server options are compatible with most Telnet clients. However, you must configure Telnet Server options if you want to do any of the following:

• Audit logon and logoff information.

• Disable NTLM or password authentication, or change the default domain for authenticating unqualified user names (by default, the domain in which the machine account resides is used to authenticate unqualified user names).

• Prohibit authentication of user accounts in trusted domains, which restricts Telnet access to users whose user accounts are stored only in the local Security Accounts Manager (SAM) database (by default, Telnet Server authenticates user accounts in trusted domains and the local SAM database).

• Change the default shell, or command interpreter, that is used for Telnet sessions (Cmd.exe is the default shell).

• Specify an IP address on which you want the Telnet Server program to listen for connection requests.

• Change the mode of operation from console mode to stream mode.

• Ensure that all programs started in a Telnet session terminate when you disconnect a Telnet session.

• Change the TCP port on which Telnet Server listens for a connection (by default, Telnet servers listen on TCP port 23).

• Change the maximum number of Telnet sessions that Telnet Server will accept (the default is 2).

• Change the maximum number of logon attempts before a user is disconnected (the default is 3).

• Disable idle session time-out, or change the idle session time-out value (the default is 1 hour).

• Disable Alt key mapping (by default, pressing Ctrl-A simulates the Alt key).

Telnet Tools
The following tools are associated with Telnet Server.

Telnet.exe: Telnet Command Prompt
Category
The Telnet command prompt tool is included with the Windows Server 2003 and Windows XP operating systems.

Version compatibility
Use this command on computers running Windows Server 2003 or Windows XP.

Once all of the settings and options are configured, you can use Telnet.exe to initiate and conduct a Telnet session. You can create a Telnet connection, configure Telnet.exe options, and use all Telnet.exe features by using the Telnet command prompt. The Telnet command prompt is useful if you are performing quick maintenance tasks on several different hosts or you need to use advanced Telnet options and features.

You can access the Telnet command prompt by running the Telnet command without any command-line parameters. You can also access the Telnet command prompt by typing the Telnet escape character during an active Telnet session. The default escape character is Ctrl+].

After you start the Telnet command prompt, the following message appears:

Welcome to Microsoft Telnet Client
Escape Character is 'Ctrl+]'
Microsoft Telnet >
You can close the Telnet command prompt by using the Quit command.

Telnet.exe with command-line parameters
You can create a Telnet connection and configure some Telnet.exe options by using the Telnet command in conjunction with various command-line parameters. Using the Telnet command with command-line parameters is helpful if you are creating Telnet connections within a script or batch file or you do not need to use advanced Telnet client options and features. When you use Telnet with command-line parameters, you can use a single command to create a connection with a host. The command-line syntax for Telnet.exe is:

telnet [-a] [-e escape_char] [-f log_file] [-l user_name] [-t term] host [port]
The command-line parameters are described in the following table.

Telnet.exe Command-Line Parameters

Parameter Description
-a
Instructs Telnet.exe to log on to the host using the credentials of the user who is currently logged on to the client.

-e escape_char
Specifies an escape character, which displays the Telnet command prompt. The default escape character is Ctrl+].

-f log_file
Creates a client-side log file and turns on client-side logging for the current session. The log_file parameter must consist of a path and file name.

-l user_name
Instructs Telnet.exe to log on to the host using the user account that is specified in user_name. The user account specified in user_name must have Telnet logon rights on the host.

-t term
Specifies the terminal type. The default terminal type is ANSI. Other valid terminal types include VT52, VT100, and VTNT.

host
Specifies the host with which you want to create a Telnet connection. The host parameter can be a NetBIOS name, a fully qualified domain name, or an IP address.

port
Specifies the TCP port on which you want to create a Telnet connection. The default Telnet port is 23.

For example, the following command uses the credentials of the user who is currently logged on to the client to create a Telnet connection on port 23 with a host named server01:

Telnet Server01

Likewise, the following example creates the same Telnet connection and enables client-side logging to a log file named c:\telnet_logfile:

telnet -f c:\telnet_logfile server01

The connection with the host remains active until you exit the Telnet session (by using the Exit command), or you use the Telnet Server administration tool to terminate the Telnet session on the host.

Tlntadmn.exe: Telnet Administration
Category
The Telnet administration command-line tool is included with the Windows Server 2003 and Windows XP operating systems.

Version compatibility
Run this command on computers running Windows Server 2003 or Windows XP.

Tlntadmn.exe is a command-line tool, and is installed by default when you install Windows Server 2003. Unlike the Telnet Server administration tool in Windows 2000, Tlntadmn.exe is a noninteractive tool that must be run with various command-line parameters. Because Tlntadmn.exe is noninteractive, and uses command-line parameters to configure Telnet Server options, you can use Tlntadmn.exe in scripts or batch files to automate Telnet Server configuration tasks. You must be a member of the Administrators local group to use the Telnet Server administration tool.

For more information about Tlntadmn.exe, see “Telnet commands” in the Command Line References in the Tools and Settings Collection.

Telnet Registry Entries
The following registry entries are associated with Telnet.

You can configure most Windows Server 2003 Telnet Server options by using the Telnet Server administration tool (Tlntadmn.exe). However, you can only configure some options by using the registry editor (Regedit.exe). You should use the registry editor to configure only the Telnet Server options that cannot be configured with the Telnet Server administration tool.

You must be a member of one of the following groups to use Regedit.exe: Administrators, Server Operators, and Power Users. You can use Regedit.exe to change registry settings on a local or a remote computer. However, only members of the Administrators group can use Regedit.exe to configure registry settings on a remote computer.

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
The following registry entries are located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\.

AllowTrustedDomain
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\

Version
The AllowTrustedDomain entry is included in Windows Server 2003 and Windows XP.

You can prevent the Telnet Server program from authenticating users on trusted domains by configuring this registry entry.

By default, the Telnet Server program authenticates user accounts in trusted domains and in the local SAM database. Preventing the Telnet Server program from authenticating user accounts in trusted domains restricts Telnet access to only those users whose user accounts are in the local SAM database. By default, the AllowTrustedDomain registry entry has a value of 1. To prevent Telnet Server from authenticating user accounts in trusted domains, you must set this registry entry to 0.

DefaultShell
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\

Version
The DefaultShell entry is included in Windows Server 2003 and Windows XP.

You can change the default shell, or command interpreter, that the Telnet Server program uses for a Telnet session by configuring this registry entry.

By default, Telnet Server runs all commands in the Windows Server 2003-based command interpreter (Cmd.exe). You can change this to any command interpreter that is installed on the host. You must provide a path and file name for the command interpreter.

ListenToSpecificIpAddr
Registry path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\

Version
The ListenToSpecificIpAddr entry is included in Windows Server 2003 and Windows XP.

You can configure the Telnet Server program so it listens for connection requests that are sent to a specific IP address. This is useful if a host has several network adapters, and you want to limit Telnet connections to only one of the network adapters. It is also useful if you have a firewall, and you want to filter Telnet traffic through the firewall to only a few IP addresses.

By default, this registry entry has the value INADDR_ANY, which instructs Telnet Server to listen for Telnet connection requests that are sent to all IP addresses assigned to the host. You can change the value of this registry entry to any IP address that is assigned to the host.
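
The three registry entries above can be checked together when reviewing a host that still runs Telnet Server. The following is an added example, not part of the original reference: it parses text in the layout printed by reg query and reports each entry that leaves Telnet Server more open than a restrictive baseline. The sample output, the value types shown in it, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout printed by
# `reg query HKLM\SOFTWARE\Microsoft\TelnetServer\1.0`; the value types
# and the non-default shell path are assumptions made for this example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0
    AllowTrustedDomain    REG_DWORD    0x1
    DefaultShell    REG_EXPAND_SZ    C:\Tools\othershell.exe
    ListenToSpecificIpAddr    REG_SZ    INADDR_ANY
"""

VALUE_LINE = re.compile(r"^\s{4}(\S+)\s{4}(REG_\w+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {value_name: data} for every value line in reg query output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = match.group(3).strip()
    return values


def audit_telnet_server(values):
    """Compare parsed values with a restrictive baseline (hypothetical policy)."""
    findings = []
    # Entries that are missing are treated as the documented defaults.
    if int(values.get("AllowTrustedDomain", "0x1"), 16) != 0:
        findings.append(("AllowTrustedDomain",
                         "accounts in trusted domains can log on"))
    shell = values.get("DefaultShell", "cmd.exe")
    exe = re.search(r"([^\\/\s]+\.exe)", shell, re.IGNORECASE)
    if exe is None or exe.group(1).lower() != "cmd.exe":
        findings.append(("DefaultShell", "shell is not Cmd.exe: " + shell))
    if values.get("ListenToSpecificIpAddr", "INADDR_ANY").upper() == "INADDR_ANY":
        findings.append(("ListenToSpecificIpAddr",
                         "listening on every IP address of the host"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_telnet_server(parse_reg_query(SAMPLE)):
        print(f"{name}: {reason}")
```

A DefaultShell that points anywhere other than Cmd.exe is worth confirming against change records, since every Telnet session on the host starts that program.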

What Is Telnet?


The term "telnet" is a mashing together of "telephone" and "network." The term means to use telephone lines for the purpose of contacting and entering another network computer. For example, let's say I am on joe.net and there is a file I want on fred.com. I would use the telnet program to attach from my server to the other.

Please note: Just because I am discussing telnet does not mean you are guaranteed telnet capabilities with your account. You may not be able to connect to your own system. It's up to the server people whether to allow you access or not.
Even if you can connect, you still may not be able to do all the things I talk about in the CGI tutorials. Again, it's up to your server people to give you the ability to do anything. Hopefully you will have full access, but if not, contact the people you pay each month and see if your account can be altered to include full access.

Where Will I Find Telnet?


If you are running Windows 95 or Windows 3.x, then you already have it on your system. Windows 95 users will find the program by clicking on Start, then Programs, then Accessories, and then choose Telnet. The icon will look like the one in the heading text. You could also jump right to it by clicking on Start, choose Run, and type in Telnet. The program will pop right up.
If you have Windows 3.x, then you'll still find it under the Accessories icon, but it will be named Terminal. Those of you using MAC systems will need to grab a telnet program. Telnet programs are plentiful and small. You'll have no trouble finding one. See http://www.shareware.com/ or Yahoo's Telnet Page. Telnet programs are usually very small. All they do is make the connection. The two connected servers do the rest.

Telnet/SSH session cannot be started from EEM applet.

The chances that you would be able to start an SSH or Telnet session from an EEM applet were pretty slim, but the comment from melwong triggered my curiosity and I simply had to try it.
After all, as the action cli command uses a VTY line (like a regular user session), you might be able to use the pattern option of the action cli command to write something similar to an expect script. This was my best shot at getting it done:

event manager applet SSH
 event none
 action 0.9 cli command "enable"
 action 1.0 cli command "ssh -l ssUser R2" pattern "word:"
 action 1.1 cli command "ssPassword" pattern "#"
 action 2.0 cli command "clear ip route *" pattern "#"
 action 3.0 cli command "exit" pattern "#"

My applet got past the SSH authentication (debugging on R2 confirmed that the SSH session was started) but could not send data through the session itself (it hung on the clear ip route command).

What Is a DoS Attack?

A denial of service (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a DoS attack.

Types of DoS Attack

There are several general categories of DoS attack. The attacks are popularly divided into three main types:

1) Bandwidth attack

2) Protocol attack

3) Logic attack

Some Techniques For Hacking
1) Smurf: A DoS attack involving forged ICMP packets sent to a broadcast address. Attackers spoof the source address on ICMP echo requests and send them to an IP broadcast address. This causes every machine on the broadcast network to receive the request and respond back to the source address that was forged by the attackers.

A) An attacker sends a forged ICMP packet (spoofed source address) with the broadcast address as the destination.

B) All the machines on the segment receive the broadcast and reply to the forged source address.

C) This results in DoS due to high network traffic.
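
Steps A to C leave a recognizable trace on the network that is being used as the amplifier. The following is an added example, not part of the original post: it scans packet summaries for an ICMP echo request addressed to a monitored subnet's broadcast address, then counts how many distinct hosts on that subnet reply to the claimed source. The packet records, addresses and function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed packet summaries (source, destination, ICMP type) using
# documentation address ranges; not taken from a real capture.
PACKETS = [
    ("198.51.100.7", "192.0.2.255", ECHO_REQUEST),  # step A: broadcast destination
    ("192.0.2.10", "198.51.100.7", ECHO_REPLY),     # step B: hosts answer
    ("192.0.2.11", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.12", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.10", "192.0.2.11", ECHO_REQUEST),     # ordinary unicast ping
    ("192.0.2.11", "192.0.2.10", ECHO_REPLY),
]


def detect_smurf(packets, monitored_networks, min_responders=2):
    """Return {claimed_source: responder_count} for broadcast-triggered floods."""
    broadcasts = {}
    for net in map(ipaddress.ip_network, monitored_networks):
        broadcasts[net.broadcast_address] = net
    amplifier = {}                 # claimed source -> subnet that was pinged
    responders = defaultdict(set)  # claimed source -> hosts that replied
    for src, dst, icmp_type in packets:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if icmp_type == ECHO_REQUEST and dst_ip in broadcasts:
            amplifier[src_ip] = broadcasts[dst_ip]
        elif (icmp_type == ECHO_REPLY and dst_ip in amplifier
              and src_ip in amplifier[dst_ip]):
            responders[dst_ip].add(src_ip)
    return {str(victim): len(hosts)
            for victim, hosts in responders.items()
            if len(hosts) >= min_responders}


if __name__ == "__main__":
    for victim, count in detect_smurf(PACKETS, ["192.0.2.0/24"]).items():
        print(f"{count} hosts replied to {victim} after a broadcast echo request")
```

A hit means the subnet answers broadcast pings from outside; dropping directed broadcasts at the router removes it as an amplifier.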

2) WinNuke: It works by sending a packet with "out of band" data to port 139 of the target host. First off, port 139 is the NetBIOS port and does not accept packets unless the OOB flag is set in the incoming packet. OOB stands for out of band. When the victim's machine accepts this packet, it causes the computer to crash with a blue screen. Because the program accepting the packets does not know how to appropriately handle out-of-band data, it crashes.

3) Jolt2: It enables users across different networks to send IP fragment-driven DoS attacks against NT/2000 by making the victim's machine utilize 100% of its CPU when it attempts to process the illegal packets.

C:\>JOLT2 1.2.3.4 -P 80 4.5.6.7

The above command launches the attack from the attacker's machine with a spoofed IP address 1.2.3.4 against the IP address 4.5.6.7. The victim machine's CPU resources reach 100%, causing the machine to lock up.

4) Bubonic.c: It is a DoS exploit that can be run against Windows 2000 machines. It works by randomly sending TCP packets with random settings with the goal of increasing the load of the machine, so that it eventually crashes.

C: \>BUBONIC 12.23.23.2 10.0.0.1 100

5) Targa: It is a program that can be used to run 8 different DoS attacks. The attacker has the option to either launch individual attacks or to try the attacks until it is successful. Targa is a very powerful program and can do a lot of damage to a company's network.

6) Trinoo: It was the first DoS tool to be discovered. It was found in the wild on Solaris 2.x systems compromised by a buffer overrun bug in the RPC services statd, cmsd and ttdbserverd. Trinoo daemons were UDP-based, password-protected remote command shells running on a compromised system.

7) TFN: Could be thought of as the "son of Trinoo". It improved on some of the weaknesses of Trinoo by adding different types of attacks that could be mounted against the victim's site. It is structured like Trinoo, with attackers, clients (masters) and daemons. Initially, a system compromise allows the TFN programs to be installed.

8) TFN2K: It is a DoS program which runs in distributed mode. There are two parts to the program: client and server. The server runs on a machine in listening mode and waits for commands from the client.

Running the server

#TD

Running the client

#TN -H 23.4.56.4 -C8 -I 56.3.4.5

This command starts an attack from 23.4.56.4 to the victim's computer 56.3.4.5.
