Home Sign Up!

Browse Community Submit

All Art Craft Food Games Green Home Kids Life Music Offbeat Outdoors Pets Photo Ride Science Tech

How to hack Telnet

by bmlbytes on March 28, 2008 Table of Contents How to hack Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro: How to hack Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 1: Download Stuff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 2: Using Zenmap (nmap's GUI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 3: Make sure that you don't make hacking instructables at school . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 4: Start the telnet program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 5: Start the connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 6: Play with the device you connected to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Step 7: Jumping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Related Instructables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 2 3 3 4 4 4 5 5 5

http://www.instructables.com/id/How-to-hack-via-Telnet/

Author:bmlbytes

Virus Stompers A computer technician from Minnesota. He is a future student to the University of Advancing Technology in Tempe, Arizona. Is a partner in VirusStompers.com

Intro: How to hack Telnet

Here is a guide to learn basic hacking techniques. Telnet is the base of most hacking. This was titled like this to be entered into the Burning Questions Group. I understand it to mean, "How to hack via Telnet," so that's what this instructable is about.

Step 1: Download Stuff

The only thing you will need is a port scanner. nmap is a free and powerful port scanner. You can download it for Windows , Mac OSX , or Linux . If possible make sure you install the GUI with it. It comes with the Windows installer.

http://www.instructables.com/id/How-to-hack-via-Telnet/

Step 2: Using Zenmap (nmap's GUI)

It's pretty simple. Open the program and in the "Target" box, type the ip address of the computer you want to hack. If you don't know the ip address, go to the computer you want to access (I will assume you have the legal rights to whatever you are trying to access), open a command line and type ipconfig. You can try to hack devices too sometimes. Routers and switches sometimes have telnet. Try scanning these too. Say you want to scan a range of IP addresses, then you would type the beginning IP address followed by (no spaces) a dash ( - ) and the end of the last IP address. For example, if you wanted to scan 192.168.1.100 to 192.168.1.299 then you would type 192.168.1.100-299 . In the "Profile" menu of Zenmap, select "Intense scan" if it is not already selected. Click scan and watch as the program scans the computer or device for open ports. Watch the nmap output until you see some words in green. These are the open ports on the computer or device. If port 23 is open, your device is hackable. Many servers and routers have port 23 open. If you can't find a device with Telnet enabled, use nethack.alt.org .

Image Notes 1. Ports 135 and 139 are open on this computer. Port 23 is not, so this computer can not be hacked using telnet.

Step 3: Make sure that you don't make hacking instructables at school
I started this instructable in the computer lab of the local community college. I soon got a message saying that what I was doing was considered suspicious activity. I think the port scanner is what did it. I wish I could post a picture of the message, but they blocked internet access to my computer. Oh well, I guess I'll finish this at home.

http://www.instructables.com/id/How-to-hack-via-Telnet/

Step 4: Start the telnet program

Now you can go and download some telnet programs. But whats the point of that? Most operating systems come with telnet built in. For Windows, click Start -> Run (or Windows Key + R) and type telnet in the box. This will open a telnet screen.

Step 5: Start the connection

In the telnet box type "o TheAddressOfTheComputerYouWantToConnectTo PortNumber" You will want to use the IP address that you found port 23 open on, or the game, nethack.alt.org. For example, using nethack.alt.org as our telnet server you would type "o nethack.alt.org 23". If you don't type a port number, it will assume you mean 23. Now hit enter to connect.

Step 6: Play with the device you connected to

Now here is where it will get slightly more difficult for me to explain. The reason this is, is that every device has its own interface from here. Some will need code, and others will take you though its program, step by step. Nethack is a game that you play. One of the most easy thing to hack via telnet, is a Cisco router. All Cisco routers have a telnet server built in. To learn the Cisco "language" go to this website . When connected to a Cisco router you will get something similar to the picture below. Type "enable" and you can use the privileged mode. After entering privileged mode, type "config t" to configure the router.

http://www.instructables.com/id/How-to-hack-via-Telnet/

Step 7: Jumping
The way most hackers use telnet to hack, is to telnet one device away from their computer. They use that device to open a connection to somewhere else. They do this several times in different parts of the world to protect their own identity. They like to target homes that do not know they are running a telnet server. They use those because if they do not keep a log of connections, it will be hard for anyone to track them if legal issues became a problem. Hackers can take down big systems using telnet, but most major companies put up protection against these types of attacks. Let me remind you that while it is not illegal to use telnet on stuff you own or have permission to, it is very illegal to use telnet to harm systems you do not have permission to. This guide was meant as a tool to hack into your own stuff. Many Linksys routers have telnet in them. People use the telnet as a means of making the power sent to the antennas (wireless routers) stronger. This in turn, makes the signal stronger. PS. The WRT54G is the easily hackable Linksys router.

Related Instructables

Telnet Hacking by ELECTROfun

How to enable telnet in Windows Vista by Hoboman

Cisco Console to Null Modem Serial Adapter by jwilson27

Star Wars Cmd Hack by techno_pig

SMTP Fun by duct tape

Adding Off-TheShelf Memory to a Cisco 871 by jgaynor

Comments
50 comments Add Comment view all 169 comments

dan-ball says:
When I try to do the scan, it says "dnet: Failed to open device eth5 QUITTING!" What's going on?

Apr 28, 2009. 3:16 PM REPLY

dunderwood says:
you have to do "Intense scan, all TCP Ports" for it to work properly.

Mar 3, 2011. 1:49 PM REPLY

nitendo9 says:
me too

Aug 30, 2009. 7:20 PM REPLY

DexHunx says:
me too, has anyone found the reason of this?

Jan 17, 2010. 8:42 AM REPLY

hq says:
If you remember what the massage said tell me please.

Feb 10, 2009. 11:38 AM REPLY

Mr.Ownage says:

Jun 18, 2009. 7:13 PM REPLY I got it from my school a few weeks ago, that's some serious bullsh*t They said if I dont stop, they'd put me on a list (some sort of black list) and I wouldn't be able to get the programming class next year and I would be banned from any computer lab Frankly, I dont care to be banned, but I gotta take that freaking class if I wanna live later...

http://www.instructables.com/id/How-to-hack-via-Telnet/

wirah says:

Nov 7, 2010. 7:26 AM REPLY Oddly enough, my early days of hacking my school's computer network is the exact reason I own a computer consultancy company today. Problem with schools are they don't encourage the sort of activity which allows you to think for yourself, and would rather you follow a set and closed path which in most cases, leads nowhere. I'd get some old computers, build yourself a network, and learn about networking that way. Oh, and use Linux, Windows is not build for this sort of work, and will serve only to get in your way.

thepaul1993 says:
thats why you go in the libary with a laptop, crack their internet, then do it

Jul 13, 2009. 10:55 PM REPLY

hq says:
So what did the message say?

Jun 19, 2009. 12:50 PM REPLY

MicrosoftEmployee says:

May 26, 2010. 6:52 PM REPLY hey man great tutorial, just what ive been looking for. i was just wondering how exactly do i get into the nethack.alt.org? ive gotten to the point where it asks for a login and all that stuff, but how do i get into the actuaall server?

Saturn V says:
It won't let me enter a password.

Oct 23, 2010. 2:06 PM REPLY

aryankhurana says:

Sep 11, 2010. 1:00 AM REPLY if you want to create a batch virus goto aryankhurana.t35.com to take a demo of ultimate virus creator. its a very powerfull tool to create virus.

GZNG says:

Feb 10, 2010. 5:09 AM REPLY when you say mess around with a router... you have to know the language of the encoding the router was framed around right? you gave the example of a cisco router... what about other routers like linksys, 2wire, and so on.... do they follow the same 'language'?

nicker says:
what if they have port other ports open but not port 23!! (hacking through telnet)

Jan 30, 2010. 11:19 AM REPLY

badad says:
If you want to learn more about telnet hacking visit my blog www.shiftwithme.tumblr.com

Jan 30, 2010. 8:21 AM REPLY

sarge1211 says:
how come when i try to connect it gives my "could not open connection to host" why?

Jan 19, 2010. 9:39 PM REPLY

Prometheus says:

Apr 26, 2008. 1:19 AM REPLY PS. The WRT54G is the easily hackable Linksys router. Not true for outsiders, if you are smart enough to change permissions and WEP keys. Probably one of the more secure routers you can have unless you have the proper permissions. Hackable internally? yes. Hackable externally? not very easily. An example of my password is "_34?TkG_mX93_". No matter if you saw it, you'd never be able to enter it properly without months of constant attempts, which I'd eventually be made aware of, but I don't even share it with anyone unless I want them to have it. I'll give you a hint: Those are not underscores in the password, even though they show as such. This instructable is as good for hacking your own equipment as it is for keeping others from doing so. Nice work on the project! A + rating for you.

Kush_Slayer says:

Feb 19, 2009. 5:49 PM REPLY lol wep keys, you can crack them with programs on the internet and i made a program a little while back that can tell you the alt codes for whatever you put into it ?????

Prometheus says:

Feb 21, 2009. 1:12 AM REPLY You sure? Because I use 8 AND 16-bits to make such passwords, making most any such application worthless. You cannot distinguish just what byte level I have used for sure, even if you got past the internal firewalls, and assuming you could find my router with DHT turned off. Besides, if I see activity that I didn't authorize and is not doubly-confirmed by my firewall or modem in tandem, I can just pull the plug and change the password again later. Even a "brute force" attack with mine would take you weeks to find with DHT enabled. Without DHT, you are completely out of luck. I'm protected simply because I'm not worth all the trouble. BTW, a program that will tell you the "alt-codes" as you call them, is called XVI32, as any common hex-editor. No sense writing one if so many are available for free. Nonetheless, post me a link for it on a file-hosting site, I'd love to have a look at it. I might add it as part of my toolbox if it's functionally-literate with what I want to do with it, and can do so in under 1 Mb total size... ?????

http://www.instructables.com/id/How-to-hack-via-Telnet/

macle says:
Um.. Wep was broken the moment it was lauched..

Nov 26, 2009. 10:06 PM REPLY

briscuits says:

Nov 25, 2009. 12:03 AM REPLY "We have a "be nice" comment policy. Please be positive and constructive with your comments or risk being banned from our site." Wow, that was a good reminder. Just a FYI, firewalls have absolutely nothing to do with WEP security. Breaking WEP is all about the encryption. I send you a few weak packets, bam. Done. Oh, and if I were to crack your network(which I wouldn't as it is a crime) I would change my MAC to yours, in which case you would never see the difference between my packets and yours. Finding a hotspot with no SSID is incredibly simple with the help of programs like kismet, and it would likely take less than 30 seconds to crack your AP, special characters or not. Check the aircrack-ng main page. Lets all try an upgrade to WPA2 if we want to feel safe, shall we? Just to inform the uninformed world.

Prometheus says:

Nov 26, 2009. 1:40 PM REPLY Briscuits, I think you have been watching the movie "Hackers" too long. If you'll take another look, I didn't say anything about firewalls having to do with WEP keys at all. And you could crack it in 30 seconds? Not even Angelina Jolie is that good... You have 30 seconds to crack my network....GO!

Kush_Slayer says:

Feb 21, 2009. 1:26 PM REPLY nice security then and i made the program that tells you the alt codes one day when i had nothing else to do, also its somewhere in the 50 GBs of stuff on my harddrive so i probably wont be able to find it any time soon

Prometheus says:

Feb 22, 2009. 12:36 AM REPLY No worries...The best security is the kind you yourself can't figure out if you forget your own password. "?????" is Unicode, and I mix in ascii as well as the typical caps/numbers/punctuation. That's why I try to teach people how to use at least ascii and suggest Firefox add-ons such as "Leet Key " to make tough passwords from easier words and phrases. "Antidisestablishmentarianism" can be a good password, but if you convert it to ROT-13, then to 1337, then to Dvorak, then to binary, it makes one mean password. The overall length alone increases security by 128-fold every time the password doubles in length over 20 characters. Example that I like to show the progression: Normal: antidisestablishmentarianism ROT-13: nagvqvfrfgnoyvfuzragnevnavfz Binary encoded: 01101110 01100001 01100111 01110110 01110001 01110110 01100110 01110010 01100110 01100111 01101110 01101111 01111001 01110110 01100110 01110101 01111010 01110010 01100001 01100111 01101110 01100101 01110110 01101110 01100001 01110110 01100110 01111010 Base-64 Encoding: MDExMDExMTAgMDExMDAwMDEgMDExMDAxMTEgMDExMTAxMTAgMDExMTAwMDEgMDExMTAxMTAgMDEx MDAxMTAgMDExMTAwMTAgMDExMDAxMTAgMDExMDAxMTEgMDExMDExMTAgMDExMDExMTEgMDExMTEw MDEgMDExMTAxMTAgMDExMDAxMTAgMDExMTAxMDEgMDExMTEwMTAgMDExMTAwMTAgMDExMDAwMDEg MDExMDAxMTEgMDExMDExMTAgMDExMDAxMDEgMDExMTAxMTAgMDExMDExMTAgMDExMDAwMDEgMDEx MTAxMTAgMDExMDAxMTAgMDExMTEwMTAK You might have a 1 in 12,000 chance to guess the first, a 1 in 16,000,000 chance to guess the second, a 1 in 250,000,000 chance to guess the third, and I can only estimate about a 1 in 947,000,000,000,000 chance to guess the fourth. Even the DoD doesn't have passwords this complex. That insane password came from just one long word passed through four filters. |\|0w 1f y0u 7yp3 1n |337, 7h47 0n|y 1n(r34535 y0ur 53(ur17y 3v3n m0r3... (Now if you type in leet, that only increases your security even more...)

Arbitror says:
Actually, in the text you entered on instuctables it is technically underscores..

Nov 29, 2008. 9:21 PM REPLY

Prometheus says:

Nov 30, 2008. 12:15 AM REPLY "Technically", but that is the default display character for "non-display characters". As I said before, you can try this on my router, and it'll just laugh at your attempts. They show as underscores here because the site itself uses them for characters it cannot display, but are still there. Example: 0xFF = _ Shift "-" = _ I entered those both as two different characters, despite the fact that they appear the same. The example you see above in the previous post is exactly as I intended, and was not a flaw or misinterpretation of punctuation or any other. This is how the security works, by using the other 200-or-so characters NOT used for common text, so that even if they can see them, they can't be sure exactly what the real password is.

GZNG says:
where do you get the en/decoders from?

Feb 11, 2010. 5:53 AM REPLY

Arbitror says:

Nov 30, 2008. 1:44 PM REPLY I totally know what your saying, I use the same system for my passwords too. But the underscores that are actually on this website are underscores, and not special symbols. They could be 0xFF, or in another text 0x5F. But on instructables, the physical text on the screen is really an underscore. Try copying and pasting it.

http://www.instructables.com/id/How-to-hack-via-Telnet/

Prometheus says:

Dec 1, 2008. 11:05 PM REPLY That's pretty much what I said, so we agree to agree....Maybe I should have said, "This site -uses- underscores for characters it cannot display".

bmlbytes says:

Apr 26, 2008. 8:24 AM REPLY Once again, I am not trying to promote illegal hacking. Trying to hack it externally would be illegal, and not something I would encourage you to try. As you said, internally, it would be easy. However, many people do not secure their routers, and would be easily hackable, externally, by someone on the street with a laptop.

Prometheus says:

Apr 26, 2008. 11:50 PM REPLY Oh no, of course not. Like I said, this instructable works both ways for the better of all. I very much hope that seeing this project will promote people to be a little more secure with their wireless. Again, I'm glad you posted this project, for the better of all those who read it. I get tired sometimes of explaining to people that I could use their internet illegally and it'd only trace to them and not me parked on the street. My comment will, I hope, be helpful to others in making a passworded system that is nearly impossible to break, or simply not worth the effort. Again, your project is a public service to all with wireless routers, and both ways. Kudos to you for making this known, for geeks and noobs alike. For the rest of you, "admin" is not a good password ever. It is the first choice of many hackers when they try to break in, so change it to be far-removed from this. The longer the password, the more difficult it is to hack by 4-fold for every character over 8 in total.

Prometheus says:

Apr 26, 2008. 1:42 AM REPLY I should add that if you own one of these routers, the only way in is through using the default password for the configuration. Change this to something real secure and your router is secure. If you have trouble generating secure random keys for yourself, try using the 1337-key firefox extension (only if you have the latest version of Firefox (and why don't you have the latest version anyway??). It's easy, just enter a short phrase into the plugin (that you can remember), and convert to a different format. Once you have done so, congratulate yourself on your first fractal encryption key. Also, lemme add for your password security: Examine the difference between these two lines: _955 _955 No difference? I don't blame you, it cannot be seen nor copied, but if entered as a password to hack me, you'd fail. I genuinely entered two different passwords there, but these two are absolutely uncrackable on this site or any other. Your hint: ASCII table....Hold the ALT key and enter the decimal value of the character you wish to employ, and it will appear when you release it.

LkArio says:
On *nix, there's no ipconfig, it's ifconfig and you need to be root.

Aug 21, 2009. 2:16 PM REPLY

agent says:
So use sudo ifconfig

Sep 29, 2009. 8:04 PM REPLY

ndl says:

Sep 25, 2009. 12:21 AM REPLY Sorry for OT. But... >> You will want to use the IP address that you found port 23 open on, or the game, nethack.alt.org. >> IP address that you found port 23 open on, or the game, nethack.alt.org. >> port 23 open on, or the game >> the game

agent says:
Am I the only one who found that funny?

Sep 29, 2009. 8:04 PM REPLY

shoyru_master_11 says:
Telent??? what is it???

Sep 29, 2009. 6:51 PM REPLY

girrrrrrr2 says:

Oct 10, 2008. 1:57 PM REPLY i am running this in wine... and when ever i try to start it. where ever there should be words there is a big black mark... any help please?

Tachyon says:

Oct 25, 2008. 7:14 PM REPLY Why would you use wine to do this? nmap and telnet are originally native UNIX apps and come with any decent LINUX distro....

http://www.instructables.com/id/How-to-hack-via-Telnet/

girrrrrrr2 says:
is ubuntu a decent distro?

Oct 26, 2008. 8:25 PM REPLY

LkArio says:

Aug 21, 2009. 2:20 PM REPLY Many people hate it, many people follow it as if it were a religion. You can download nmap/zenmap from Ubuntu's repositories, or at least Debian's.

hiroe says:
yes, open the command line and type telnet (stuff)

Apr 28, 2009. 10:21 AM REPLY

revolutin says:
hello sir i am abbas i am doing b.E final year my project is network security if you free plz teach me

Mar 21, 2010. 2:09 AM REPLY

octavian234 says:
I have some basic concept of ip adresses but not really do you have to be on the same network to hack the computer?

Jul 16, 2009. 11:52 PM REPLY

Tiuri28 says:
and, what can you do once you connected?

Jun 18, 2009. 9:02 AM REPLY

Mr.Ownage says:

Jun 18, 2009. 7:22 PM REPLY Well, depends of what you're connected to... Most of the time, what you'll find with a port 23 open is a router, Which controls the network, from there you could run a whole business From there I suppose you're not the classical teenpunk trying to hack someones computer...

Tiuri28 says:
any examples of codes for example for hacking files or shutdown

Jun 19, 2009. 5:13 AM REPLY

bmlbytes says:
That depends on what the device is. If you hit a cisco router, you can do a lot to a network.

Jun 18, 2009. 6:11 PM REPLY

Tiuri28 says:

Jun 19, 2009. 5:16 AM REPLY When I try to connect, after a while there comes a text: "hit any button to continue", when I do that it says: "connection with the host broken". What do I do wrong? please help, its urgent!!!

bmlbytes says:

Jun 19, 2009. 7:40 PM REPLY Its probably the devices way of refusing your connection. The device at the other end can break the connection too, so that is what the last message means. The first message suggests that you connected to a device, but it didnt have anything you could do.

view all 169 comments

http://www.instructables.com/id/How-to-hack-via-Telnet/