Some notes on Telnet

Remember this funky little network protocol TELNET, which has been invented in the early 70ies? Telnet provides access to a command line interface CLI on a remote host over TCP/IP.

TELNET is a client/server protocol, which basically needs two services: a Telnet Client and a Telnet Server, which usually is listening on Port 23 of the remote machine. Since SSH provides powerful encryption and is recommended by security experts, TELNET isn't widly used anymore except by admins and network hackers. However, you can do a lot of useful things with TELNET in your daily life. Sending raw FTP commands, Connecting to a POP-Server, sending custom HTTP-Headers, even establish a secure connection using open_ssl.

Connect to a POP3-Server with TELNET

For example, you could login to your POP-Server and read your mails, if there's no mail client around. Works as well for checking, if the connection to a certain mailserver can be established at all. First, establish a TELNET session using your favourite console, whereas 110 is the standard port of your pop3 server
spielprinzip@warmachine:/$ telnet pop.example.org 110
Now, lets talk a bit to the POP3 deamon:
+OK exampleserver.com mailserver ready. user USERNAME +OK pass PASSWORD +OK Logged in. stat +OK 736 159459181 list 732 2420 733 994 734 648 735 637 736 982 . top 1 0 +OK Return-Path: X-Original-To: hello@spielprinzip.com Delivered-To: user@exampleserver.com X-policyd-weight: using cached result; rate: -7.6 X-Greylist: delayed 1756 seconds by postgrey-1.31 at dd22012; Sun, 24 Jan 2010 23:57:06 CET Received: from example.net (unknown [143.99.61.57]) by example.example.com (Postfix) with ESMTPS id 398923DEDE7 for ; Sun, 24 Jan 2010 23:57:05 +0100 (CET) Received: from example by example.net with local (Exim 4.68) (envelope-from ) id UISID-0008k0-3X for hello@spielprinzip.com; Sun, 24 Jan 2010 23:27:43 +0100 Date: Sun, 24 Jan 2010 23:27:43 +0100 To: "hello@spielprinzip.com" From: ADMIN Reply-to:ADMIN Subject: a test email Message-ID: X-Priority: 3 X-Mailer: PHPMailer [version 1.73] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="iso-8859-1" quit +OK Logging out Connection closed by foreign host.
Explanation: list gives you a list of your mails retr 3 opens mail 3 top 1 0 opens mailheaders from mail 1 top 1 5 opens mail with the first 5 lines of mail 1

Connect to an IMAP-Server with TELNET

Working with IMAP is more complicated, because IMAP is far more complex than POP3. You should check RFC3501, if you are interested in this protocol. Via TELNET, you are able to remove, create and rename folders and read and write and change your mails serverside. Here's a piece of code:
spielprinzip@warz61m:/$ telnet imap.example.com 143 Trying 93.13.131.215... Connected to imap.example.com. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] exampleserver.com mailserver ready.
Loggin in using your username and password, again, data will be transferred unencrypted on the net
cc login USERNAME PASSWORD cc OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
Get a list of all your folders on root level
. list "" "*" * LIST (\NoInferiors \UnMarked) "/" "zzz" * LIST (\NoInferiors \UnMarked) "/" "Drafts" * LIST (\NoInferiors \UnMarked) "/" "INBOX" . OK List completed.
Keep the session going, you can do this from time to time
.noop . OK NOOP completed.
List Sub-Folders in Folder "Sent"
. list "" "Sent" * LIST (\NoInferiors \UnMarked) "/" "Sent" . OK List completed.
Get status of Folder INBOX
. status INBOX (messages) * STATUS "INBOX" (MESSAGES 736) . OK Status completed.
opens folder INBOX in READ-ONLY mode (for writing, use SELECT)
. examine INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft $MDNSent $Forwarded $label1 $label2 $label5 Junk NonJunk $notjunk) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 736 EXISTS * 0 RECENT * OK [UNSEEN 49] First unseen. * OK [UIDVALIDITY 1262898431] UIDs valid * OK [UIDNEXT 7207] Predicted next UID * OK [HIGHESTMODSEQ 36719] Highest . OK [READ-ONLY] Select completed.
fetch some flags
. fetch 1:2 flags * 1 FETCH (FLAGS (\Seen)) * 2 FETCH (FLAGS (\Seen)) . OK Fetch completed.
fetch header of mail 1
. fetch 1 rfc822.header Return-Path: X-Original-To: hello@spielprinzip.com Delivered-To: user@exampleserver.com X-policyd-weight: using cached result; rate: -7.6 X-Greylist: delayed 1756 seconds by postgrey-1.31 at dd22012; Sun, 24 Jan 2010 23:57:06 CET Received: from example.net (unknown [143.99.61.57]) by example.example.com (Postfix) with ESMTPS id 398923DEDE7 for ; Sun, 24 Jan 2010 23:57:05 +0100 (CET) Received: from example by example.net with local (Exim 4.68) (envelope-from ) id UISID-0008k0-3X for hello@spielprinzip.com; Sun, 24 Jan 2010 23:27:43 +0100 Date: Sun, 24 Jan 2010 23:27:43 +0100 To: "hello@spielprinzip.com" From: ADMIN Reply-to:ADMIN Subject: a test email Message-ID: X-Priority: 3 X-Mailer: PHPMailer [version 1.73] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="iso-8859-1"
With IMAP, it's possible to establish an encrypted connection via open_ssl for example. Dig into the web, if you are interested in this topic. It's not easy though...

Get a HTTP-Resource with TELNET

Another useful task for TELNET is grabbing HTTP resources, for example a webpage. Again, establish a TELNET session. 80 is the port, HTTP is commonly listening to:
spielprinzip@warmachine:/$ telnet spielprinzip.com 80 Trying 85.13.141.215... Connected to spielprinzip.com. Escape character is '^]'.
Now, tell the webserver, which file you want to have, and which host he should use
GET /index.php HTTP/1.1 HOST: spielprinzip.com
Press ENTER twice, since this is the delimiter of the HTTP-Header and the body. Writing code, you would use something like this: \r\n\r\n And here's the content:
HTTP/1.1 301 Moved Permanently Date: Sun, 07 Aug 2011 21:30:43 GMT Server: Apache X-Powered-By: PHP/5.2.12-nmm2 Set-Cookie: PHPSESSID=0faed70fd1210cc3f644230cf6cac7ee; path=/ X-Pingback: http://spielprinzip.com/blog/xmlrpc.php Location: http://spielprinzip.com/blog/ Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Connection closed by foreign host.
Passing GET-Parameters is a piece of cake:
GET /telnet_1.php?p=true&t=something HTTP/1.1 HOST: spielprinzip.com
For Testing with POST, one should go the easier way and use cURL, wget or some scripting language. Telnet might not be the perfect tool for this kind of testing.

Get a HTTPS-Resource with TELNET

Sending custom headers to a https website, using open_ssl and s_client
openssl s_client -connect example.com:443 GET / HTTP/1.1 HOST:example.com mycustomheader: soho