PowerShell tips for getting the TCP response (class Telnet) _powershell

Source: Internet
Author: User

Normally, in order to detect whether a specified TCP port is alive, we are looking for a response through the port specified by Telnet, but by default Win8 the system is not installed Telnet by default. Imagine if you hacked into a server and didn't have telnet on it, but in order to penetrate further into the intranet, you need to detect if the internal server-specific port is open, and you are not willing to install Telnet, fearing attention from the administrator. Well, in this case you need this script of mine. Because it is the original ecological PowerShell statement completed, the wood has telnet you can also detect the TCP port situation.

The following is the first code, explained later:

Copy Code code as follows:

===== FileName: get-tcpresponse.ps1=====
Function Get-tcpresponse {
<# author:fuhj (powershell#live.cn, http://fuhaijun.com)
. Synopsis
Tests TCP port of remote or local system and returns a response header
If applicable
. DESCRIPTION
Tests TCP port of remote or local system and returns a response header
If applicable
If server has no default response, then Response property'll be NULL
. PARAMETER Computername
Local or remote system to test connection
. PARAMETER Port
TCP Port to connect to
. PARAMETER Tcptimeout
Time until connection should abort
. EXAMPLE
Get-tcpresponse-computername Pop.126.com-port 110

Computername:pop.126.com
port:110
Isopen:true
Response: +ok Welcome to Coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6 ...])

Description
-----------
Checks Port of a mail server and displays header response.
#>
[OutputType (' Net.tcpresponse ')]
[Cmdletbinding ()]
Param (
[Parameter (valuefrompipeline,valuefrompipelinebypropertyname)]
[Alias (' __server ', ' IPAddress ', ' IP ', ' domain ')]
[string[]] $Computername = $env: Computername,
[int[]] $Port = 25,
[int] $TCPTimeout = 1000
)
Process {
ForEach ($Computer in $Computername) {
ForEach ($_port in $Port) {
$stringBuilder = New-object Text.stringbuilder
$tcpClient = New-object System.Net.Sockets.TCPClient
$connect = $tcpClient. BeginConnect ($Computer, $_port, $null, $null)
$wait = $connect. Asyncwaithandle.waitone ($TCPtimeout, $false)
If (-not $wait) {
$object = [Pscustomobject] @{
Computername = $Computer
Port = $_port
IsOpen = $False
Response = $Null
}
} Else {
while ($True) {
#Let Buffer
Start-sleep-milliseconds 1000
Write-verbose "Bytes available: $ ($tcpClient. Available)"
If ([Int64] $tcpClient. AVAILABLE-GT 0) {
$stream = $TcpClient. GetStream ()
$bindResponseBuffer = New-object byte[]-argumentlist $tcpClient. Available
[Int] $response = $stream. Read ($bindResponseBuffer, 0, $bindResponseBuffer. Count)
$Null = $stringBuilder. Append ($bindResponseBuffer | ForEach {[char][int]$_})-join ')
} Else {
Break
}
}
$object = [Pscustomobject] @{
Computername = $Computer
Port = $_port
IsOpen = $True
Response = $stringBuilder. Tostring ()
}
}
$object. Pstypenames.insert (0, ' net.tcpresponse ')
Write-output $object
If ($Stream) {
$stream. Close ()
$stream. Dispose ()
}
$tcpClient. Close ()
$tcpClient. Dispose ()
}
}
}
}

First create a System.Net.Sockets.TCPClient object, to connect the specified domain name and port, instantaneous disconnect that is the server did not open that port, directly rejected, if not rejected, then wait for the server to give you a response, and then read the byte stream splicing up to resolve.
Finally, it needs to be emphasized that open streams and TCP connections need to be shut down to free up resources
The method is invoked as follows:

Copy Code code as follows:

Get-tcpresponse-computername Pop.126.com-port 110

and compare the results of Telnet

The result is the same, later no Telnet will be difficult to live, have fun! ^_^

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.