How to Telnet with Windows
The queen of hacker commands is telnet. To get
Windows help for telnet, in the cmd.exe window give the
Here's what you will get:
telnet [-a][-e escape char][-f log file][-l
-a Attempt automatic logon.
Same as -l option except uses
the currently logged on user's
-e Escape character to enter telnet client prompt.
File name for client side logging
-l Specifies the user name
to log in with on the remote system.
Requires that the
remote system support the TELNET ENVIRON
Specifies terminal type.
Supported term types are vt100,
vt52, ansi and vtnt only.
host Specifies the hostname or IP
address of the remote computer
to connect to.
port Specifies a port number or service name.
note: what is a port on a computer? A computer port is sort of
like a seaport. It's where things can go in and/or out of a
computer. Some ports are easy to understand, like keyboard,
monitor, printer and modem. Other ports are virtual, meaning
that they are created by software. When that modem port of
yours (or LAN or DSL) is connected to the Internet, your
computer has the ability to open or close any of over 65,000
different virtual ports, and has the ability to connect to any
of these on another computer - if it is running that port, and
if a firewall doesn't block
note: How do you address a computer over the Internet? There
are two ways: by number or by name.
The simplest use of telnet is to log into a remote
computer. Give the
C:/>telnet targetcomputer.com (substituting the
name of the computer you want to telnet into for
If this computer is set up to let people log into
accounts, you may
get the message:
Type your user name here, making sure to be exact.
You can't swap between lower case and capital letters. For
example, user name Guest is not the same as guest.
note: Lots of people email me asking how to learn what their
user name and password are. Stop laughing, darn it, they really
do. If you don't know your user name and password, that means
whoever runs that computer didn't give you an account and
doesn't want you to log on.
Then comes the message:
Again, be exact in typing in your password.
What if this doesn't work?
Every day people write to me complaining they can't
telnet. That is usually because they try to telnet into a
computer, or a port on a
computer that is set up to refuse
telnet connections. Here's what it
might look like when a
computer refuses a telnet connection:
C:\ >telnet 10.0.0.3
10.0.0.3...Could not open connection to the host, on port 23. A
connection attempt failed because the connected party did not
properly respond after a period of time, or established
connection failed because connected host has failed to respond.
Or you might see:
C:\ >telnet cmeinel.com
cmeinel.com...Could not open connection to the host, on port
No connection could be made because the target
machine actively refused it.
If you just give the telnet command without giving
a port number, it will automatically try to connect on port 23,
which sometimes runs a telnet server.
note: your Windows computer has a telnet client program,
meaning it will let you telnet out of it. However you have to
install a telnet server before anyone can telnet into port 23
on your computer.
If telnet failed to connect,
possibly the computer you were trying to telnet into was down
or just plain no longer in existence. Maybe the people who run
that computer don't want you to telnet into it.
How to Telnet into a Shell Account
Even though you can't telnet into an account inside
some computer, often you can get some information back or get
that computer to do something interesting for you. Yes, you can
get a telnet connection to succeed - without doing anything
illegal – against almost any computer, even if you don't have
permission to log in. There are many legal things you can do to
many randomly chosen computers with telnet. For example:
C:/telnet freeshell.org 22
That tells us the target computer is running an SSH
server, which enables encrypted connections between computers.
If you want to SSH into an account there, you can get a shell
account for free at http://freeshell.org
. You can get a free SSH client program from
One reason most hackers have shell accounts on
Internet servers is because you can meet the real hackers
there. When you've logged in, give the command w or who. That
gives a list of user names. You can talk to other users with
the talk command. Another fun thing, if your shell account
allows it, is to give the command
It might tell you what commands and processes other
users are running. Ask other users what they are doing and they
might teach you something. Just be careful not to be a pest!
get punched in the nose warning: Your online provider might
kick you off for making telnet probes of other computers. The
solution is to get a local online provider and make friends
with the people who run it, and convince them you are just
doing harmless, legal explorations.
Sometimes a port is running an interesting program,
but a firewall won't let you in. For example, 10.0.0.3, a
computer on my local area network, runs an email sending
program, (sendmail working together with Postfix, and using
Kmail to compose emails). I can use it from an account inside
10.0.0.3 to send emails with headers that hide from where I
If I try to telnet to this email program from
outside this computer,
here's what happens:
C:\>telnet 10.0.0.3 25
10.0.0.3...Could not open connection to the host, on port
No connection could be made because the target machine
actively refused it.
However, if I log into an account on 10.0.0.3 and
then telnet from inside to port 25, here's what I get:
Last login: Fri Oct 18 13:56:58 2002 from
Have a lot of fun...
telnet localhost 25
telnet: connect to
address ::1: Connection refused
[Carolyn's note: 127.0.0.1 is the numerical
localhost, the same computer you are logged into]
Escape character is '^]'.
test-box.local ESMTP Postfix
The reason I keep this port 25 hidden behind a
firewall is to keep
people from using it to try to break in
or to forge email. Now the
ubergeniuses reading this will
start to make fun of me because no
Internet address that
begins with 10. is reachable from the Internet.
However, sometimes I place this "test-box"
computer online with a static Internet address, meaning
whenever it is on the Internet, it
always has the same
numerical address. I'm not going to tell you what its Internet
address is because I don't want anyone messing with it. I just
want to mess with other people's computers with it, muhahaha.
That's also why I sometimes keep my Internet address from
showing up in the headers of my emails.
note: What is all this about headers? It's stuff at
beginning of an email that may - or may not - tell you a
where it came from and when. To see full headers,
in Outlook click view -> full headers. In Eudora, click the
"Blah blah blah" icon.
This Guide used to include instructions on how to
forge email. However, spammers have abused email forging so
badly that the only way us non-criminals can forge email is to
set up an email server on our own network. However, there still
are plenty of fun hacker things you can do, legally, with
Ready for more fun? You
can learn how to use netcat! -->