Monday, May 25, 2009

The telnet hack


One of the most famous and useful hacks either when testing websites or firewall access to websites is “the telnet hack”. When you think of it, a web browser is just like an advanced telnet client executing HTTP commands. Thus using the classic telnet application and writing the HTTP commands your self has proven a good way of testing both website content and website access through firewalls. The syntax is: telnet <server> <port>



Get webserver version


# telnet www.httpforum.com 80
Trying 80.166.163.20…
Connected to www.httpforum.com (80.166.163.20).
Escape character is ‘^]’.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2005 18:44:46 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=utf-8

Connection closed by foreign host.

So this shows us that www.httpforum.com is running Apache and the webservers default character set is UTF-8

Is the site available


# telnet www.httpforum.com 80
Trying 80.166.163.20…
telnet: connect to address 80.166.163.20: Connection refused telnet:
Unable to connect to remote host: Connection refused

Well, seems like I have forgotten to open port 80 in the firewall, or that the webserver is not running. Please note that if there is a firewall between the webserver and your client, the telnet hack is a far better option than ping, as the ping protocol is most likely limited by the firewall. People who pings a webserver and get no respons from the host, often take this as a proof the webserver is not started or that it’s network services are not running, but since ping is disabled by most firewalls, you can’t trust the ping command. In addition, tracert/traceroute command is also often blocked in firewalls, so you can’t trust that command either. The telnet hack is the only sure method of checking if the firewall is open on the web port (default 80 for HTTP and default 443 for HTTPS).

No comments:

Post a Comment