The Telnet service is a basic and typical protocol for remote logon. Here we will introduce the problems related to the Telnet connection. This article describes some measures based on the doscommand. Hope to help you.
Telnet connection
Windows comes with a Telnet server. As long as you get the Administrator account and password of the other party, after establishing a Telnet connection with the other party, you can completely control the other party's host, which is easy to control, just like the doscommand on your machine, as long as you are familiar with the doscommand, then, hey.
Many friends do not like the doscommand, but you must know that successful intrusion is impossible to leave the command pipeline. Mastering the command is the fundamental foundation. Be familiar with various command formats.
As mentioned above, when we get the Administrator account and password, we establish an IPC $ connection with the other party. If we establish an IPC $ connection, we can get the Telnet Shell, but the premise is that the other party has enabled the Task Scheduler Service. You can refer to the introduction to this service in the management tool-service-: "allow programs to run at the specified time". Do you understand, this is actually the service corresponding to a lot of AT commands AT home. If the service is not running, it cannot be used. However, we can use the NETSVC tool to enable the Service. The basic format is:
- netsvc \\ip schedule /start
It must be noted that NETSVC is a management tool attached to the NT version. It is used to remotely open the host service. However, when the network speed is poor or the external network host service is enabled from the LAN, it is not easy to succeed.
Let's take a look AT the AT command. You only need to use the command at time \ ip net start telnet to enable the Telnet service of the other party at the specified time.
At this time, you can Telnet the IP address to connect to the peer. However, the telnetservice uses ntlmverification, but we can use the ntml.exe of Xiao Rong to cancel the NTML verification. You only need to use the COPY command to upload the file, and then use the AT command to regularly start the file.
Another example is to create a shortcut for your cmd.exe. Then, in the shortcut attributes, select "Run pipeline as another user. You can directly connect to telnet. ntml.exe will be uploaded, which is convenient.
If you get the opposite user name as Administrator, you can change your Administrator password to the same password as the other user, and then use Administrator to log on to your computer, connect to the other Party through Telnet. The ntlm.exe of the small banyan tree is not used in this case.
Well, we can say we have full control over the host of the other party.
The Terminal Service connection is a 3389 Terminal connection)
When talking about Terminal Service, many friends may not be very clear, but if we say 3389, haha, almost no one knows, right?
Almost a hacker knows this TCP port, which is the Service port corresponding to the Terminal Service.
First, let's talk about how to enable the Terminal Service. When Windows 2000 server or a later version is installed, the Terminal Service is installed by default. As long as the Administrator has correctly configured the Service during the installation process, after the system is installed, the Terminal Service is automatically enabled. But what if some administrators do not install the Terminal Service? Let's help him install it.
Get the Administrator account and password first. No need to talk nonsense.
Establish an IPC $ connection and further win the Telnet Shell) and then create a 3389. bat file on the local computer. Upload the file and start it regularly. If you use a Telnet connection, run the batch file directly.) The file content is as follows:
- echo [componets] > c:\sql
- echo TSEnabie = on >> c:\sql
- syscmgr /i:c:\winnt\inf\sysoc.inf /u:c:\sql /q
If you are using Telnet, you can directly create the 3389. bat file using the following method.
First, type "copy con 3389. bat "command, press enter, and write the above file content line by line, then press CTRL + Z and press enter to end, at this time, of course, in the work folder or under the disk) generated 3389. bat batch file, and then type 3389. execute bat.
The next step is to restart the machine, because the Terminal Service requires a lot of DLL file loading to run normally, and must be started again to take effect.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
