=-_.-=-._.- H A C K E R S I N F O R M A T I O N R E P O R T -._.-=-._.-=

Windows telnet daemon (WinTD)
by: Axon

...a word, before i continue...

This is the first article I'm writing on my new palmtop (yes, that's right...i did it.) After toying around with Asmodian X's Compaq PC Companion for hours, never finding an end to the intrigue, i gave in, needing at least a part-time replacement for my laptop. I went with a Hewlett-Packard 300LX, which still uses the Hitachi SH3 processor and 2 megs of ram like the Compaq, but sacrifices a backlight. We'll see how it goes. I'm sort of using this text file as a test to see how fast/accurate my typing is on this keyboard, and to see how long i can go at it before going crazy...

...on with the show...

Windows telnet daemon, usually known as WinTD, is a great crippleware program out there, and i've found nothing else of its breed ever since. Most of you, just by the name, should be getting a picture in your minds..."allows you to TELNET into a windows machine?!?!?" Certainly...

So what would windows look like if you telnetted in? As it turns out, it looks a tad like unix. It uses some popular unix commands for navigation and other tasks. It's kind of like getting a UNIX $ prompt, and using unix commands to navigate a DOS filesystem. Here are a few commands and their purposes. I do not have them all memorized, but i know most of the ones that WinTD recognizes.

  ls       list system (dir in DOS)
  ps       process. Lists all processes, along with their process id (PID)
  cd       change directory. A lot like DOS/UNIX cd. To change drives, use cd x:
  rm       remove file (delete/del)
  kill     kills a task running on the host. Each task is killed by killing the PID number you got using ps
  who      shows who all is logged on, what tty, and the PID of their shell
  set      allows certain variables to be set.
  man      displays user manual entries for commands (i'll get to this later)
  suue     encodes any file with uuencode and pumps it to the terminal (this is great for downloading files, hopefully small ones, from the host.)
  ruue     starts expecting a uuencoded file to be sent over the terminal to the host. Usually one can use copy/paste to upload uuencoded files. I will explain this in greater detail later
  mkdir    make a directory.
  rmdir    remove a directory.
  exit     quits the session
  exec     executes a dos command, and places the output on your terminal. (this part has BIG problems, but I'll talk about them in a sec)
  winexec  this command executes any command on the host, and displays it on the host's monitor. It is very powerful, so only root, and maybe 1 or 2 VERY trusted users should have access to it. I'll discuss it at the same time i discuss exec.
  passwd   gee. i wonder. Change yer password maybe?

That's about the only ones I ever use, but i know there's more. Some of the commands don't even look like normal unix commands.

Now for the bad news: if you recall, i said it's a crippleware program. You can use it all you want without having an obligation to pay, but in order to get the user manual pages that tell what each command does, and the syntax for them, you get to pay some ungodly amount of money (less than $100 but if it's more than 5, it'll probably wipe me out). No, i don't know of anyone who has the man pages available for download, but if you ever find 'em, e-mail a gzip or PKzip of 'em, you'll be a lifesaver.

*--Most of you are probably fearing that this article will be like most of the articles about programs that you might see in some good old 80's e-mag, or even 2600. The fact is, most writers just assume that readers can find stuff (actually, many writers for 2600 will tell you where to get certain things, but some of the newer writers don't...i know it's not Emmanuel's fault). Don't worry, at the end, i'll tell ya where to get it.--*

So what does WinTD allow you to do?
Well, first off, you have to download it and configure it. You can set what port it services, what the log-on message is, customize the prompt, and all sorts of other things. Then you have to add users and define permissions. "Permissions" isn't exactly like unix. You can just define what commands each user is allowed to execute. There is a list of all the available commands, and you just highlight the ones you want (click on them while holding the ctrl key), then add the commands to the user's box. If you want to make an account for yourself or a buddy of yours, and don't want it restricted in access, but don't feel like highlighting all the commands, there is a checkbox saying "root". So all root is, is someone who can execute all commands.

Now, to answer your question: Why would anyone really want to telnet into a windows machine? I've found that WinTD is somewhat secure. I've been messing with it for over a year and still never really been able to hack it from the outside. One thing it does that i do not particularly care for is that if you enter an invalid login name, you'll know it's invalid, because it just asks for a login again, instead of asking for a password.

Possible uses for logging into your own computer remotely would be to download homework, cool programs, or something else. While I've tested the uue send and receive features, i'll say they are slow. I would recommend using WinTD to launch an FTP daemon (which are typically insecure anyways), then ftping your files down, and killing off the FTP daemon with ps and kill. You can also see what's going on on your computer this way, with ps. Kill your screen saver's process, and your screen saver goes away just as if someone was messing with the mouse. With some other commands, you could even start the calculator, netscape, a word processor, or whatnot, on your computer running WinTD, and kill them off if you wish.

Time to tell you something cool...WinTD has a cool little feature which allows you to hide it.
No one will know it's running unless they pull up the task manager or hit ctrl/alt/delete. Furthermore, it has the option of hiding itself upon startup, making it perfect for stealthily keeping an eye on someone else's system that's hooked up. Granted, this works a lot better on a system that has a static IP, like library computers hooked up to the internet, or computer lab systems... Ever downloaded someone's C++ project right from under their nose? =] The imagination is the only limit on this one.

So how about exec & winexec? Earlier i mentioned some problems with exec. It does have problems. It will execute any dos command, and when it is done running, display the output to you. That's it. No more. This means you really should run only things such as chkdsk (to show you some stats on the host hard drive), attrib, dir, and a few others that don't require any input before relinquishing control back to the command interpreter. If you are a bonehead and forget this "feature", you may be able to hit ctrl-c but sometimes that doesn't even work. About the only thing you can do then is to open another telnet session to it, and, if you didn't crash WinTD, log in and kill off the process that you tried to run, kill the process of your other session, and hope the daemon stays stable. WinTD is not very predictable when the exec command is brought in. I would recommend reserving it for root only, or else other accounts could D-o-S (denial of service) ya.

Winexec, however, has a lot more respect from me. With it, you can, on the host computer, execute anything it has on its system (and by the way, windows programs still accept command line arguments. Remember that.) Simply seeing calc.exe in the directory you're in doesn't mean you can type "calc" or "calc.exe" and it will run. You must type "winexec calc" or if it's a batch file or .com file, you need to include the extension as well.
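
The exec hang described above (a program that waits for input which never arrives, tying up the session) is something a remote-exec handler can design out. The sketch below is an added example, not WinTD's code: the child gets no stdin and a deadline, and `run_noninteractive` with its parameters is a hypothetical name.

```python
import subprocess
import sys

def run_noninteractive(argv, timeout=5.0, max_output=64 * 1024):
    """Run argv with no stdin and a deadline; return (status, output_text)."""
    try:
        done = subprocess.run(
            argv,
            stdin=subprocess.DEVNULL,   # a program that asks for input sees EOF at once
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,   # error text goes back to the caller as well
            timeout=timeout,            # run() kills the child when the deadline passes
        )
    except subprocess.TimeoutExpired as exc:
        return "timeout", _clip(exc.output, max_output)
    except OSError as exc:              # command not found, not executable, ...
        return "error", str(exc)
    status = "ok" if done.returncode == 0 else "exit %d" % done.returncode
    return status, _clip(done.stdout, max_output)

def _clip(data, limit):
    """Cap what is echoed back so one command cannot flood the session."""
    return (data or b"")[:limit].decode(errors="replace")

if __name__ == "__main__":
    # Constructed stand-ins for a command that prompts and one that never returns.
    prompts = [sys.executable, "-c", "input('Are you sure (Y/N)? ')"]
    hangs = [sys.executable, "-c", "import time; time.sleep(60)"]
    print(run_noninteractive(prompts)[0])             # fails fast instead of waiting
    print(run_noninteractive(hangs, timeout=1.0)[0])  # timeout
```

The deadline only covers the direct child; a command that spawns helpers of its own needs a process group or job object to be cleaned up completely.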

As far as file transfers with suue/ruue, i don't recommend it unless it's in a pinch, and it's a small file. It works best if you have a good telnet client like NetTerm or TeraTerm that supports an ASCII upload feature. (i like teraterm 'cuz it installs onto a 1.44MB floppy without complaining about it). All you need to do to send a file is run it through a uuencoder and do an ascii upload of the uuencoded file. Downloading is fun. You must start logging the session to a file before telling WinTD to start sending the uuencoded stream. Then you have to edit the top and bottom of the log file to get rid of the stuff you typed and the $ prompt at the end of the file and THEN run it through a uudecoder. Fun stuff. Avoid it whenever possible. These are two commands i would also not trust the normal user with.

...now for the good stuff...

WinTD is released by Snappy Software (No affiliations with Play, inc, the makers of the snappy! video capture kit for the computer). I can't for the life of me remember what the heck the URL is to their page, but i do recall that i found WinTD on tucows. Tucows is a great page for anyone that wants every single internet related utility for windows 3.1/95/NT. Go to http://www.tucows.com and choose any of the primary affiliates and regular updaters (they'll have TWO check marks by them). I always use the first california site with 2 check marks next to it. When you arrive at that site, you must choose Windows 95. Then it gives you a huge table of TYPES of programs. Look under Server Daemons, and it will be somewhere in there. If it is not, go back a page or two till you see a search textbox, and just search for WinTD that way. You'll find it.

Well, that about covers it for WinTD. I'm hoping that this month-delayed issue of HiR doesn't tick too many people off, and i figured we'd better have quite a few more articles if we were going to be late. Use your imaginations with it...and happy/safe hackin'!
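
The download clean-up from the suue/ruue paragraph above (log the session, trim what you typed and the trailing prompt, then uudecode) can be done in one pass. This is an added example, not part of the original article: the sample log is constructed, and the `$ suue <file>` command line and prompt text in it are assumptions about what a logged session looks like.

```python
import binascii
import re

BEGIN = re.compile(r"^begin ([0-7]{3,4}) (\S.*)$")

def extract_uu(log_text):
    """Return (filename, data) for the first uuencoded block in a session log."""
    name, chunks = None, []
    for line in log_text.splitlines():          # copes with the CRLF a telnet log has
        if name is None:
            m = BEGIN.match(line)               # skips typed commands and banner text
            if m:
                name = m.group(2)
            continue
        if line == "end":                       # anything after this is prompt residue
            # The name comes from the remote host: keep the last path component only.
            safe = re.split(r"[\\/]", name)[-1]
            if safe in ("", ".", ".."):
                safe = "download.bin"
            return safe, b"".join(chunks)
        if line:
            chunks.append(binascii.a2b_uu(line))  # raises binascii.Error on a mangled line
    raise ValueError("no complete begin/end block found (transfer cut short?)")

def make_sample_log(data, name):
    """Constructed session log: typed command, uuencoded stream, trailing prompt."""
    body = [binascii.b2a_uu(data[i:i + 45], backtick=True).decode().rstrip("\n")
            for i in range(0, len(data), 45)]
    return "\r\n".join(["$ suue " + name, "begin 644 " + name, *body, "`", "end", "$ "])

if __name__ == "__main__":
    log = make_sample_log(b"homework, chapter 3\r\n" * 10, "C:\\work\\notes.txt")
    fname, payload = extract_uu(log)
    print(fname, len(payload))
```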