[TS3 Exploit] Server crasher.

nerdsupreme · 01/05/2015, 13:56

Hey,

i want to share my own TS3 Server exploit/servercrasher with you.

The exploit uses a vulnarability in ServerQuery. Any server with ServerQuery running is exploitable atm. It is written in Delphi language.

I kept the program easy:

1) type the IP/Host eg. 127.0.0.1 or voice.teamspeak.com into the field.
2) Press Crash it!
3) wait 5 seconds and the program will tell you if it worked or not.

Have fun !

Just delete the song.mp3 if you don't want to listen to it.

Download:

Password:
epvp

VT:

0 / 56

Icy. · 01/05/2015, 14:06

Legend

Devsome · 01/05/2015, 14:18

Would you like to share the source ?

nerdsupreme · 01/05/2015, 14:22

Quote:

Originally Posted by Devsome

Would you like to share the source ?

No sorry.
I don't want to let the kids c&p it..

But i didn't use any protection. You could easily sniff the packets i send or debug it with olly

When it is patched i will share it.

Devsome · 01/05/2015, 14:24

Quote:

Originally Posted by nerdsupreme

No sorry.
I don't want to let the kids c&p it..

But i didn't use any protection. You could easily sniff the packets i send or debug it with olly
When it is patched i will share it.

Then I will sniff the packets when I'm back at home (:

Ende! · 01/05/2015, 18:06

Just had a look at it in IDA (IDA's Delphi RTTI parsing = OP), good find. If I were you, I'd publish it somewhere more .. scientific, with source -- someone else WILL claim the credits for himself if you don't.

Edit: Also, as this is delivered as a binary, I noticed a serious lack of chiptunes in this tool. :P

nerdsupreme · 01/05/2015, 18:49

Quote:

Originally Posted by Ende!

Also, as this is delivered as a binary, I noticed a serious lack of chiptunes in this tool. :P

haha.. inb4update.

Quote:

Originally Posted by Ende!

Just had a look at it in IDA (IDA's Delphi RTTI parsing = OP), good find. If I were you, I'd publish it somewhere more .. scientific, with source -- someone else WILL claim the credits for himself if you don't.

Yes you are right, that will probably happen, but i don't really care

This exploit is not that much

Quote:

Originally Posted by Icy.

Legend

- but still kind of funny

I think that the people who are able to analyze my tool should be entitled access to it themselves.

Ende! · 01/06/2015, 01:20

Quote:

Originally Posted by Don't_care

Selling fix for 5€

I hate this kind of people ..

Code:

iptables -I INPUT 1 -ptcp --dport 10011 -jDROP

.. or just disable the SQ entirely (is that possible?).

Don't_care · 01/06/2015, 01:24

Now that you published the complicated solution i guess I can come forward with the recommended one:
Update your server to 3.0.11.2

YatoDev · 01/06/2015, 12:11

i dont find any server where this is working

thought i could have some fun^^

GentlemanBoostingService · 01/06/2015, 17:21

Wenn ich das auf einen Server mache, kann einer herausfinden wer das war?

If I use this programm for a server, can anyone find out who it was?

Don't_care · 01/06/2015, 17:36

Ich halt es für unwahrscheinlich.
Kommt allerdings drauf an, wie gut sich der Serverbetreiber damit auseinandersetzt.
Teamspeak ist grundsätzlich sehr logfaul.
Ich finde genau 1 Zeile dazu und die lässt keinen Schluss auf den Verursacher.

Da ich nicht weiß, was genau das Programm hier macht, weiß ich auch nicht, wo man es loggen könnte.
Aber irgendwo muss ja ein Zugriff erfolgt sein und in einem Punkt ist teamspeak in Ordnung: timestamp
2015-01-05 23:49:06.827432
Man kann es also sehr leicht mit ggf. vorhandenen Logs abgleichen.
Riesiger Faktor hierbei allerdings: "ggf. vorhandenen".

Nanoxx™ · 01/07/2015, 19:34

habe schon paar server crashed

Lyolikx · 01/07/2015, 20:40

Funktioniert bei vielen Servern, aber warum soll man dich kontaktieren, wenn es nicht klappt ?

.CяιMe™ · 01/07/2015, 20:55

Also bei mir hat es bisher bei keinem einzigen geklappt.
Woran kann man denn erkennen, ob der Server ServerQuery hat?

€; Habs raus, trotzdem danke.