Note: I have decided to publish the manuals on hacking with telnet in two parts. In the first part I'll explain the basics of telnet and how to work with it, and in the second part I'll show some more advanced methods of hacking through telnet. This manual is still in its beta stage and I'll be grateful for any suggestions for improvement.
Welcome to another hackersclub manual. Here I am going to go through one of the coolest utilities available in the TCP/IP suite. I guess you people are already familiar with the TCP/IP protocols, but I'll still cover the basics. First of all, a protocol is a set of rules for communication between systems over a network. TCP/IP is the most widely used protocol suite for communication over the internet today. There are various utilities built on TCP/IP: some are command utilities, some are file transfer utilities and some are printer utilities.
Command utilities: REXEC (Remote Execution), RSH (Remote Shell) and Telnet
Transfer utilities: FTP, RCP, TFTP
Printer utilities: LPR, LPQ
All of these utilities work on top of TCP/IP (Transmission Control Protocol/Internet Protocol) and follow its rules. In this manual I'll concentrate mainly on Telnet, the command utility of the TCP/IP suite.
What is telnet?
Basically telnet, a.k.a. (also known as) a terminal emulator, is a console-based tool which lets a user use the resources of another system by connecting to it using its IP address and a valid account (shell) on the target system. In a simpler sense telnet works the way Trojans do, in client/server fashion: using a telnet client the user connects to the telnet server (daemon) of a remote system listening on a specified port. The default port for telnet is port 23, but the client can open a connection to any TCP port, which is what makes it useful for far more than plain remote login. That is all about telnet in the conventional sense of the term. Now I think I should tell you more about telnet in the hacker's sense of the term. To start with I must say that telnet is the ultimate tool for hackers; all the big hackers use it when exploiting loopholes in systems. You can start telnet by going to Run, typing telnet and pressing Enter. In Win 95/98/Me a separate telnet window will pop up, but in Windows 2000 and Windows XP telnet starts within a DOS box, i.e. within the console.
To run telnet in the console even in Win 95/98/Me, copy the lines below, save them as i_wanna_be_a_hacker.reg and run the file. (The original file pointed at one particular user SID under HKEY_USERS; HKEY_CURRENT_USER is the same hive for whoever is logged on, so it works without editing the SID.)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Telnet]
"MODE"="CONSOLE"

Note: this MODE value is the console/stream preference of the Microsoft Telnet Client that ships with Windows 2000/XP (the same setting as its set mode console command); Windows 98's own telnet.exe is a GUI program, so on a machine that only has that one, use it as described next.
You can also use the telnet that comes with Win 98, which opens in a separate window. Click on Connect, enter the target IP in the host field and vt100 in the terminal type field. Or the plain and simple way: just open a DOS box and type telnet host port (without any angle brackets), and the default settings will work just fine.
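As an added example (not code from this manual), here is what telnet's own protocol looks like when you connect to port 23 rather than to a plain text service: before printing anything, the server sends option negotiation, three-byte sequences beginning with 0xFF (IAC, "interpret as command"), and expects answers. Anyone scripting such a connection has to strip those bytes and refuse the options they do not implement, which is what the filter below does. The command and option numbers are the standard ones from RFC 854 and its option RFCs; the server bytes in the demo are constructed.

```python
# Telnet option negotiation filter (RFC 854). Added example, not from the manual.
# Commands and option numbers are the standard ones; the server bytes in the
# demo at the bottom are constructed to look like a typical login banner.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}


class TelnetFilter:
    """Separate negotiation from the text a telnet server sends.

    feed(chunk) returns (text, reply): `text` is what a telnet client would
    print, `reply` is what a minimal client sends back to refuse every option
    (DO x -> WONT x, WILL x -> DONT x). A sequence cut off at the end of a
    chunk is kept and completed by the next feed().
    """

    def __init__(self):
        self._pending = b""
        self.log = []  # readable record of what the server asked for

    def feed(self, chunk: bytes):
        buf = self._pending + chunk
        text, reply = bytearray(), bytearray()
        i = 0
        while i < len(buf):
            if buf[i] != IAC:
                text.append(buf[i])
                i += 1
                continue
            if i + 1 >= len(buf):
                break                       # lone IAC at chunk end: wait for more
            cmd = buf[i + 1]
            if cmd == IAC:                  # IAC IAC is an escaped 0xFF data byte
                text.append(IAC)
                i += 2
            elif cmd in (DO, DONT, WILL, WONT):
                if i + 2 >= len(buf):
                    break                   # option byte not here yet
                opt = buf[i + 2]
                name = OPTION_NAMES.get(opt, str(opt))
                if cmd == DO:               # server wants us to enable opt: refuse
                    reply += bytes([IAC, WONT, opt])
                    self.log.append(f"DO {name} -> WONT")
                elif cmd == WILL:           # server offers to enable opt: decline
                    reply += bytes([IAC, DONT, opt])
                    self.log.append(f"WILL {name} -> DONT")
                else:                       # DONT/WONT need no answer
                    self.log.append(f"{'DONT' if cmd == DONT else 'WONT'} {name}")
                i += 3
            elif cmd == SB:                 # subnegotiation: skip up to IAC SE
                j = i + 2
                while j + 1 < len(buf) and not (buf[j] == IAC and buf[j + 1] == SE):
                    j += 2 if buf[j] == IAC else 1   # IAC IAC inside SB is data
                if j + 1 >= len(buf):
                    break                   # IAC SE not here yet
                self.log.append("SB ... SE skipped")
                i = j + 2
            else:                           # other two-byte commands (NOP, GA, ...)
                i += 2
        self._pending = bytes(buf[i:])
        return bytes(text), bytes(reply)


if __name__ == "__main__":
    # Constructed: server asks DO TERMINAL-TYPE, WILL ECHO, then prints a prompt.
    f = TelnetFilter()
    text, reply = f.feed(b"\xff\xfd\x18\xff\xfb\x01login: ")
    print(text, reply.hex(), f.log)
```

Refusing everything is the safe default for a script: the server then falls back to plain line mode, and the log tells you which options (terminal type, window size, echo) a real client would have been asked to negotiate.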
What can I do with telnet?
Generally hackers aim at connecting to the daemon behind an open port on a particular system and try to get root on that system. First you need a good port scanner to find the open ports of the target. Then you can connect to an open port using telnet and talk to whatever daemon answers (this is often called banner grabbing, because most daemons announce themselves with a banner line as soon as you connect). For example, once I port scanned the web server of a friend of mine, who happens to be a great web developer, and found that port 25 was open with an SMTP daemon running on it. So using telnet I connected to his server on port 25 and, using his SMTP service, I sent a couple of anonymous mails to my friends... mainly to him, telling him that I was using his service :))
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet>open anisurrahman.net
Connecting to anisurrahman.net....
Well, now what? Now the SMTP service is mine, and I just played around with it. If you are not used to SMTP commands, type HELP after you are connected and you will get the list of commands the mail server supports (sendmail answers HELP; not every mail server does).
Anyway I am going to show how I sent a fake mail using the simple commands supported by every ESMTP server (ESMTP = Extended Simple Mail Transfer Protocol). Lines beginning with a three-digit code are the server's replies; the other lines are what I typed.
Here we go :
Telnet>open anisurrahman.net 25
Connected to anisurrahman.net
220 Welcome to anisurrahman.net ESMTP service 8.9.3
HELO abhisek
250 Welcome to sendmail Abhisek
MAIL FROM:<firstname.lastname@example.org>
250 Sender set to firstname.lastname@example.org
RCPT TO:<email@example.com>
250 Recipient set to email@example.com
DATA
354 End with "."
Subject: Hello Rony

Hey, what's up boss... I am sending a fake mail using your SMTP service... Don't be angry with me... Sorry..
.
250 CA55910 Message accepted for delivery..
QUIT
221 anisurrahman.net closing connection
Note: wondering what the values 250, 220, 354 or CA55910 are?
They are SMTP reply codes, and the first digit is what matters. 2xx means the server accepted what you sent: 220 is the greeting banner, 250 is the usual OK after HELO, MAIL FROM, RCPT TO and the final ".". 3xx means the server wants more input: 354 after DATA means "send the message now, and end it with a line containing only a dot". 4xx is a temporary failure and 5xx is a permanent refusal (for example 550 when the server will not relay for you). Check the code after every command; if you get a 5xx, the next command will not do what you expect.
And about CA55910: it is the queue ID (message ID) the server assigned to your mail. In the server's logs this ID identifies the mail you just sent, together with the address you connected from.
Note: This is my earnest request to everybody who reads this manual: please do not send any fake mail to firstname.lastname@example.org and please do not use the service at anisurrahman.net. He is a very good friend of mine and I have learnt many things about web design and web programming from him.
Please note: sometimes you will get a "Relaying denied" (550) error on some servers. I won't go into much detail on this topic because I guess I don't have enough knowledge about it. In short, the server refuses to accept mail for a recipient outside its own domains from a client it does not trust; a server that accepts such mail from anybody is an open relay, and most mail servers are configured not to be one.
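As an added example (not the manual's own code), here is the dialogue above driven by code instead of by hand, so you can see both sides of the exchange and the reply-code checks a careful client makes after every command. The "server" is a constructed in-process stand-in that answers in the style of sendmail 8.9 and only accepts recipients in its own domain, so the run works offline and also shows what the "Relaying denied" refusal looks like; host names, addresses and the queue ID CAA12345 are made up.

```python
import socket
import threading

# Added example, not from the manual: the SMTP dialogue driven by code against a
# constructed in-process "server" with sendmail-8.9-style replies, so it runs
# offline. Host names, addresses and the queue ID are made up.
LOCAL_DOMAIN = "example.org"   # the fake server accepts mail only for this domain


class SMTPError(Exception):
    pass


def read_reply(f):
    """Read one reply: 'code-text' lines continue it, 'code text' ends it."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise SMTPError("connection closed")
        lines.append(line[4:])
        if len(line) == 3 or line[3] != "-":
            return int(line[:3]), lines


def expect(f, wanted):
    """Check the reply code after every command; 4xx/5xx means stop, not carry on."""
    code, lines = read_reply(f)
    if code != wanted:
        raise SMTPError(f"expected {wanted}, got {code} {' / '.join(lines)}")
    return lines


def send_mail(sock, helo, mail_from, rcpt_to, body):
    """Banner, HELO, MAIL FROM, RCPT TO, DATA, '.', QUIT; returns the queue ID."""
    f = sock.makefile("rb")
    cmd = lambda line: sock.sendall(line.encode("ascii") + b"\r\n")
    expect(f, 220)                                       # greeting banner
    cmd(f"HELO {helo}");             expect(f, 250)
    cmd(f"MAIL FROM:<{mail_from}>"); expect(f, 250)
    cmd(f"RCPT TO:<{rcpt_to}>");     expect(f, 250)      # 550 here = relaying denied
    cmd("DATA");                     expect(f, 354)      # 354: now send the text
    for line in body.splitlines():
        # dot-stuffing: a body line starting with '.' gets a second '.' so the
        # server does not mistake it for the end-of-message marker
        cmd("." + line if line.startswith(".") else line)
    cmd(".")
    accepted = expect(f, 250)[0]                         # '<queue id> Message accepted ...'
    cmd("QUIT");                     expect(f, 221)
    return accepted.split()[0]


def fake_server(conn):
    """Constructed server end: just enough SMTP to answer send_mail()."""
    f = conn.makefile("rb")
    reply = lambda text: conn.sendall(text.encode("ascii") + b"\r\n")
    reply("220 mail.example.org ESMTP Sendmail 8.9.3; ready")
    in_data = False
    while True:
        raw = f.readline()
        if not raw:
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if in_data:                                      # message text until a lone '.'
            if line == ".":
                in_data = False
                reply("250 CAA12345 Message accepted for delivery")
            continue
        verb = line.split(":")[0].split()[0].upper() if line.strip() else ""
        if verb == "HELO":
            reply(f"250 mail.example.org Hello {line[5:].strip()}, pleased to meet you")
        elif verb == "MAIL":
            reply("250 Sender ok")
        elif verb == "RCPT":
            addr = line.split(":", 1)[1].strip("<> ")
            if addr.endswith("@" + LOCAL_DOMAIN):
                reply("250 Recipient ok")
            else:
                reply(f"550 {addr}... Relaying denied")  # not an open relay
        elif verb == "DATA":
            in_data = True
            reply('354 Enter mail, end with "." on a line by itself')
        elif verb == "QUIT":
            reply("221 mail.example.org closing connection")
            break
        else:
            reply("500 Command unrecognized")
    conn.close()


def run_exchange(rcpt_to, body="Subject: Hello\n\nSent by hand over port 25.\n.not the end"):
    """Wire the client to the fake server over a socketpair; return the queue ID."""
    client, server = socket.socketpair()
    t = threading.Thread(target=fake_server, args=(server,), daemon=True)
    t.start()
    try:
        return send_mail(client, "myhost", "me@example.net", rcpt_to, body)
    finally:
        client.close()
        t.join(timeout=2)


if __name__ == "__main__":
    print("queued as", run_exchange("rony@example.org"))   # accepted: local recipient
    try:
        run_exchange("someone@example.com")               # refused: relay attempt
    except SMTPError as e:
        print("refused:", e)
```

Two details matter when you do this by hand: the body line ".not the end" is sent as "..not the end" (dot-stuffing), otherwise a line that happens to start with a dot would end the message early, and a 550 after RCPT TO has to be treated as the end of the attempt, because the server will not accept DATA for a recipient it refused.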
Bingo!! I have sent a fake mail!!! I am a hacker!!! Yes!!
Well, don't think like that, because sending fake mail doesn't make you a hacker; it has nothing to do with hacking. Fake mail can easily be traced: the mail server records the IP address you connected from in its logs and stamps it into the Received: headers of the message, so the recipient can find your ISP. Then if the victim sends a mail to abuse@ISP.net and complains about your activity, sorry boy, you may lose your ISP account..
Anyway, try sending some fake mails to yourself and get used to telnet.
Hey guys [and gals, if any], don't get excited and rush off to hack with telnet, because things are not as easy as they seem. I have only got into the SMTP service of anisurrahman.net; I haven't got root on it.
There are many more games you can play using telnet. For example, you can start a raw IRC session using telnet.
I guess you are all familiar with IRC (Internet Relay Chat). You may use mIRC, Pirc etc. to start an IRC session, but there you don't have to do much, as the software does things for you.
I think here I need to explain some basics of IRC and how IRC servers work.
To start an IRC session you need to connect to an IRC server on the port where the IRC daemon is listening. The usual ports are 6667 (the default), the rest of the 6660-6669 range, and 7000 on many networks; when you connect to a server in mIRC the default port used is 6667.
Type /server irc.dal.net <port> in the mIRC window.
Note: in place of <port> type the port number, without the angle brackets.
If you leave it blank then the default port, 6667, will be used.
This command connects you to the irc.dal.net server; then by typing /join #channelname you can join any channel and start your IRC session.
Tip: Finding the IP address or host name of a person in an IRC session is the easiest thing. Just type /whois nick in the channel window and you will get his/her host address (sometimes this is the raw IP, sometimes it is resolved into a host name, and some networks mask it altogether; it depends on the server).
Now I guess you are familiar with the basic IRC commands you can use in mIRC.
Now let's come to our point, i.e. starting a raw IRC session using telnet.
Many IRC warfare writers and others have written manuals on starting a raw IRC session using telnet, but I think they are not really intended for newbies. Here I am going to explain things in a simple, easy to understand way.
When you connect to an IRC server it identifies you only by your username and host address and asks for a nick. In mIRC this information is sent by the software from what you entered in its options; when connecting to an IRC server in raw mode, i.e. using telnet, you have to provide it yourself, with the NICK and USER commands. Many servers also send a PING as soon as you connect and drop you if you don't answer with a PONG.
Note: some servers don't accept raw IRC sessions, as they are considered a bit insecure.
Now to start, telnet to an IRC server on port 6667 or 7000.
Tip: in raw mode you don't put a / before commands as you do in mIRC.
Telnet>open irc.servername.net 6667
Please note: don't type the <> signs; I use them only to mark the values you have to fill in.
Once connected, register yourself before anything else:
NICK <yournick>
USER <username> 0 * :<real name>
If the server sends PING :<something>, answer with PONG :<something> (copy the token exactly) or it will disconnect you. After the server's welcome message (the numeric 001 reply) you can use the mIRC commands, but without the /, for example JOIN #channelname.
To send a private message the command is:
PRIVMSG <nick> :<message>
(the colon marks the start of the message, so the message may contain spaces).
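As an added example (not the manual's own code), here is the raw session above written as a small client state machine: it produces exactly the NICK/USER lines you would type, answers PING, notices when the server's 001 welcome says registration is done, retries on a nick collision, and pulls the host out of a WHOIS reply, which is what the /whois tip above shows you by hand. The server lines it is fed are constructed in the shape a real ircd uses; nick, user, channel and server names are made up.

```python
# Raw IRC client logic (RFC 1459 message format). Added example, not from the manual.
# Server lines in the demo are constructed; nick/user/channel/server names are made up.

def parse_message(line):
    """':irc.example.net 001 me :Welcome' -> ('irc.example.net', '001', ['me', 'Welcome']).
    A parameter introduced by ' :' is the trailing one and may contain spaces."""
    prefix = None
    if line.startswith(":"):
        prefix, line = line[1:].split(" ", 1)
    if " :" in line:
        head, trailing = line.split(" :", 1)
        params = head.split() + [trailing]
    else:
        params = line.split()
    return prefix, params[0].upper(), params[1:]


def registration(nick, user, realname):
    """The two lines mIRC sends for you and you must type yourself in raw mode."""
    return [f"NICK {nick}", f"USER {user} 0 * :{realname}"]


def privmsg(target, text):
    """The colon lets the message contain spaces."""
    return f"PRIVMSG {target} :{text}"


class RawIrcSession:
    """Feed it server lines with handle(); read what to type next from .outgoing."""

    def __init__(self, nick, user="raw", realname="telnet user"):
        self.nick = nick
        self.outgoing = registration(nick, user, realname)
        self.registered = False
        self.received = []   # (sender nick, target, text) for PRIVMSGs seen
        self.hosts = {}      # nick -> host learned from WHOIS replies

    def handle(self, line):
        prefix, cmd, params = parse_message(line.rstrip("\r\n"))
        if cmd == "PING":                 # answer or the server drops the connection
            self.outgoing.append(f"PONG :{params[0]}")
        elif cmd == "001":                # RPL_WELCOME: registration is complete
            self.registered = True
        elif cmd == "433":                # ERR_NICKNAMEINUSE: retry with a suffix
            self.nick += "_"
            self.outgoing.append(f"NICK {self.nick}")
        elif cmd == "311":                # RPL_WHOISUSER: <me> <nick> <user> <host> * :<realname>
            self.hosts[params[1]] = params[3]
        elif cmd == "PRIVMSG":            # prefix is nick!user@host of the sender
            sender = prefix.split("!")[0] if prefix else "?"
            self.received.append((sender, params[0], params[1]))
        return cmd

    def join(self, channel):
        self.outgoing.append(f"JOIN {channel}")

    def whois(self, nick):
        self.outgoing.append(f"WHOIS {nick}")

    def say(self, target, text):
        self.outgoing.append(privmsg(target, text))


if __name__ == "__main__":
    s = RawIrcSession("newbie")
    for line in [                          # constructed server side of a session
        "PING :4B1A",
        ":irc.example.net 433 * newbie :Nickname is already in use",
        ":irc.example.net 001 newbie_ :Welcome to the network newbie_!raw@host.example",
        ":rony!user@host.example PRIVMSG newbie_ :hi there",
        ":irc.example.net 311 newbie_ rony ~user host.example * :Rony",
    ]:
        s.handle(line)
    s.join("#hackersclub")
    s.say("rony", "hello from telnet")
    print("\n".join(s.outgoing))
    print(s.hosts, s.received)
```

Everything in .outgoing is literally what you would type into the telnet window, in that order; the point of the parser is that the server's side is just as regular, so a PING or a 433 is easy to recognise even when it arrives in the middle of the welcome text.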
Now I guess you are quite familiar with the workings and usage of telnet.
With telnet you can certainly use the resources of a remote computer, provided you are allowed to access them... and if not, then what else but to hack into it.
Brief idea of telnet hacking (basics)
Generally telnet is used to connect to a particular daemon running on a particular port of the target system, and the whole aim of connecting to the daemons is to get root on the system. But if you are thinking that you'll connect to your ISP's SMTP server and get root on your ISP's system, forget it, pal. What hackers do first is port scan the target system to find the open ports and the daemons listening on them, and read the banners those daemons send, since a banner usually tells you the software and version you are dealing with.
Note: you can use nmap for this. It is a very fast scanner, and its SYN scan (-sS, the so-called stealth scan) sends only the first packet of the TCP handshake instead of completing the connection, which is why it is less likely to show up in the target's application logs (the packets are still visible to a firewall or IDS).