================================================================
How to use Telnet for several things by CYA McClaude
================================================================
A S T A L A V I S T A   G R O U P  (http://www.astalavista.com)


Hello folks out there! Here is McClaude again with another Tutor for all you guys.

1. Why this tutor
2. How to use TelNet
3. How to send anonymous mails
3.1. SMTP
3.2. How to send anonymous mails with TelNet
4. How to use TelNet in several aspects
4.1. How to delete files of a Website
4.1.1. HTTP
5. Greets


1. Why this tutor?
-------------------

Easy to answer. Most of you only know that TelNet is a Port ( Port 23 ) or that TelNet is a Remote Control Tool. Remote Control means in
this aspect that you as Client can get a Connection to for example a TelNet Server and then you can write Commands in a derivate of a Shell
and this commands are executed only on this server not on your machine. But I want to show all you guys how to use this simple Remote
Control Tool in several ways, because this simpleness is brilliant. So hope I answered this question and if you are interested in go on
and read if not stop reading and go pissing.

2. How to use TelNet
--------------------

TelNet is a text based tool. So if you want to connect to the destination (128.62.254.12) write: 'telnet 128.62.254.12 23'.
So you see at first there is the command telnet to start the TelNet Client, the next is the destination address and last is the Port,
you know the TelNet port 23. So I hope now you can use TelNet.

3. How to send Anonymous Mails
------------------------------
3.1. SMTP
---------

Yes first I have to say somehting about the SMTP ( Simple Mail Transfer Protocol ). The standard is written down in the RFC 821
( RFC = Request for Comments ) it goes back to the year 1982. This RFC defines the commands which could be used.
This Commands are:

1. HELO <Client Adress or Name> - It marks the begin of that TelNet session and sends your name or address to the SMTP Server
2. MAIL FROM:<your mail addie> - with this command you send your mail addie to server which is also written in the e-mail as sender
3. RCPT TO:<recipient> - with this command you define the recipient
4. DATA - this marks the begnning of the e-mail if the server sends an ack ( ackwoledge ) you can begin to write the message
		  if you have ended you have to mark it with an command or character which was sent to you after you have sent the command DATA
5. RSET - =Reset this establishs the initial stage and the connection is canceled
6. NOOP - =No Operation so it means that nothing is done
7. QUIT - This is the ending of the SMTP connection

But this are only the most important commands many commands have been added in this time after the RFC has defined them. For example 
EXPN - =expand with this command maillist support will be available
VRFY - =verify this command requests the confirmation of the recipient address
Caused of this addition the SMTP is also called ESMTP which means Extended SMTP. So I hope you have learned something in this section.

3.2. How to use SMTP to send anonymous mails
--------------------------------------------

First you have to find a free accessable SMTP server. Caused by Spaming many servers has secured their systems like GMX with 'SMTP after
POP' which means that at first you have to login at POP with your username and password for your GMX e-mail addie. After that the Srever
saves your IP for a special time in which you can connect to SMTP server to send mails.
Freenet uses another secured system. This SMTP server denies special recepient addies.
So you have to search a free accessable Mail server with out such secured servers. They exists.
So after you have found such a server you can write in your shell: 'telnet <serveraddy> 25' then your client connects to it.
Here is a complete TelNet Session: 

Connected to mail.gmx.net.
220 {mp015-rz3} GMX Mailservices ESMTP
HELO www.The-Netrix.net
250 {mp015-rz3} GMX Mailservices
MAIL FROM:LinusTorvalds@linux.org
250  ... Sender Okay
RCPT TO:BillGates@microsoft.com
250  ... Recipient Okay
DATA
354 Enter mail, end with "." on a line by itself
Operating Systems are like sex, you have the best if it is free.
.
250 Mail accepted
QUIT
221 mail.gmx.net closing connection
Connection closed by foreign host.

I will help you to understnd this. First your Client trys to connect to the mail server. As sign that the connection is established the
server answers with a command like that. Then you say hello to the server with the command 'HELO' and your machines name. Next is another
answer from server which is unimportant. After it you send your mail addy to server with the command 'MAIL FROM:' followed by your addy.
Then the server check this addy and if it's OK he will inform you about it. Next he expects the recipient and you won't let him wait
with the command 'RCPT TO:' followed by the addy of the recipient. If it's also OK you can start to write your mail after the command 
'DATA' which is followed by the ack of the server and the text or character which marks the end of the mail.Then you write your mail
and end it how the server expect it. If the mail is OK the server will inform you for the last time in this session. After it there is no
cause which should hold your connection so you will end it with 'QUIT' and the server will send a last stupid message as sign that the 
connection is closed.
This was only a stupid example to show you how you can send mails with TelNet.

4. How to use TelNet in several aspects
---------------------------------------
4.1. How to delete files of a Website
-------------------------------------

There is a way to delete files of a website with the help of the HTTP ( Hyper Text Transfer Protocol ). But this securityhole is mostely
closed. This hole is caused by stupid administrators which can't configure there Apache or IIS or any other HTTP server.

4.1.1. HTTP
-----------

The HTTP exists since 1990. Before this time the internet was used to make a file exchange with the FTP or to get in Mailboxes where you
can write messages or many other things. With the HTTP and HTML ( Hyper Text Mark Language ) the www-Clients like Netscape or IE can 
interprete this Hyper Text to display informations or other things like you know. But what the user can't see when he uses such a client
that the HTTP follows also the Request-Answer-play. The client requests informations with a special command, which i will explain beside 
others later, and the HTTP server ansers with the requested informations. This requests or answers are HTTP messages which could be
simple-request or simple-response or full-request or full-response. The simple HTTP-messages based on HTTP/0.9 and the full messages on
HTTP/1.0 . But the difference between this messages is very small, except the one of HTML/0.9 and HTML/1.0.

The commands:

1. GET <address> - the address is the whole like http://www.destination.com/index.html this command requests the informations ( the code )
				   in this file and if  the file is a CGI it have to be executed and the produced informations will be send to client
                 - the difference between this simple-request and the full request is that the full-request ends with HTTP/1.0
				   like this: 'GET http://www.destination.com/index.html HTTP/1.0'
2. HEAD <addy> - it have to be a complete addy, too. The small difference between this command and the GET command is that this command
				 only META-Tags and the other informations in the title tag
3. POST <addy> - this is used for bigger data it is mostley used for data which have to be send to a program
4. PUT <addy> - with put you send data to the server like HTML documents and this data is saved under the addy which you have declared
5. DELETE <addy> - this is the opposite of PUT so it deletes the data which you have specified with the addy

4.1. How to delete files of a Website
-------------------------------------

So with your instinct you have discovered that there is a security hole. The HTTP protocol today is used in combinition with the FTP
, so that means FTP is used by webmasters to upload their files and HTTP is used by the Client to resolve these site. But in former times
concrete: at the development of the HTTP the developers aimed to make it easier to upload files, so not with the FTP and that means without
a special FTP-Client, so they created a command to upload and delete files on a webserver. But the problem is that the HTTP didn't use an
authentication but FTP does. So that means that the most administrators disabled these Commands to shut a security hole. But there are not
only experienced admins out there but stupid, too. So there is still such a hole which waits to be used. 
How ever TelNet is an excellent simple tool. So if you want to use this security hole connect to the destination hostname or IP (you can
use a hostname because DNS will be used to resolve the IP) on Port 80. I've showed you guys how to do it. So do it. When the connection is
established you can use the commands which are discribed in section 4.1.1. 
Example to delete the index.html: DELETE http://www.microshit.com/index.html


So I hope you will enjoy using TelNet not only in this way, you can use it also if you want to open a RAW-IRC-Session. USE YOUR BRAIN!

5. Greets
---------

Greets go out to all of you Hackers and Newbies! Especially I want to greet WFUX, Sokrates, Warhawk, Postman, Toaster, Kevin Mitnick *g*,
cig, zordan, april, shiny***, crusher and all of them who i've forgotten ;-)


CYA McClaude --[Leader of the CAC]-- 
Questions to: McClaude@gmx.net
Homepage:     http://The-Netrix.thx.to
2001