How to Set windows Telnet (1)

The operating system in many data centers is still 2000. Here, we will analyze some installation and setup processes of Windows Telnet. Now let's take a look at the specific content. Hope to help you.

Windows2000 Telnet

In fact, from the application layer, there is nothing to say about Windows Telnet. You can get most of the content from the HELP file. I just want to sort it out.

1. Basic Configuration

Windows Telnet client and server program: Large.

In Windows 2000, the Telnet service is installed by default, but it is not started by default. The following provides some default settings for the Telnet service in the HELP file:

AllowTrustedDomain: whether to allow access by domain users. The default value is 1, which allows access by trusted domain users. It can be changed to 0. Access by domain users is not allowed only by local users ).

DefaultDomain: Any domain that has a trust relationship with the computer. The default value is ".".

DefaultShell: Specifies the path where the shell is installed. The default value is % systemroot % \ System32 \ Cmd.exe/q/k.

MaxFailedLogins: displays the maximum number of failed attempts before the connection ends. The default value is 3.

LoginScript: displays the path of the logon script on the Telnet server. the default location is "% systemroot % \ System32 \ login. cmd ", you can change the script content so that the welcome screen for logon to Telnet is different.

NTLM: NTLM authentication option. The default value is 2. You can have the following values:

0: NTLM authentication is not used.

1: First try NTLM authentication. If it fails, use the user name and password.

2: Only NTLM authentication is used.

TelnetPort: display the port on which the telnet server listens for the telnet request. Default Value: 23. You can change it to another port.

You can use tlntadmn.exe to Telnet the server management program.

2 NTLM

When it comes to telnet, we can't help but mention NTLM. I think this is one of the biggest headache for intruders. Even if you get the Administrator account and password, it is not easy to simply use NTLM, moreover, by default, Windows Telnet only verifies the identity in NTLM mode, which forces us to pay attention to NTLM. What is NTLM?

The early SMB protocol clearly transmitted the password on the network, and later appeared the "LAN Manager Challenge/Response" verification mechanism, LM for short, which is very simple and easy to crack, microsoft then proposed the WindowsNT challenge/response verification mechanism, that is, NTLM. now we have an updated NTLMv2 and Kerberos verification system. the NTLM workflow is as follows:

1. The client first encrypts the current user's password locally into a password hash.

2. The client sends an account to the server. This account is not encrypted and is directly transmitted in plaintext.

3. The server generates a 16-bit random number and sends it to the client as a challenge)

4. The client encrypts the challenge with the encrypted password hash, and then returns the challenge to the server as a response)

5. the server sends the username, challenge to the client, and response returned by the client to the domain controller.

6. the domain controller uses this user name to find the user's password hash in the SAM password management library, and then uses this password hash to encrypt challenge.

7. the domain controller compares two encrypted challenge. If the same, the authentication is successful.

From the process above, we can see that NTLM sends a login request to the Telnet server as the current user, instead of logging in with the account and password of the administrator of the other party you scanned. Obviously, your logon will fail. for example, the name of your machine is A local machine), the name of the machine you intrude into is B remote machine), your account on A is xinxin, And the password is 1234, the Administrator account you scanned for B is Administrator and the password is 5678. When you want to Telnet to B, NTLM will automatically use the current user's account and password as the login creden to perform the above 7 operations, that is, using xinxin and 1234, instead of using the Administrator and 5678 you scanned, all of these operations are completed automatically without giving you any chance to intervene. Therefore, your login operation will fail.

Because the Telnet server has three options for NTLM usage, When you Telnet a remote machine, one of the following is displayed:

1) when the AUTHENTICATION option is 0

 
 

  
  
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
  
  
Welcome to Microsoft Telnet Service
  
  
Telnet Server Build 5.00.99201.1
  
  
Login:
  
  
Password:
  
  
If \ is 0, NTML authentication is not used. Enter the user name and password directly. For example, you can enter Administrator and 5678