[TS3 Exploit] Server crasher.

01/05/2015 13:56 nerdsupreme#1

Hey,

I want to share my own TS3 Server exploit/servercrasher with you.

The exploit uses a vulnerability in ServerQuery. Any server with ServerQuery running is exploitable atm. It is written in the Delphi language.

I kept the program easy:

1) Type the IP/Host, e.g. 127.0.0.1 or voice.teamspeak.com, into the field.
2) Press Crash it!
3) Wait 5 seconds and the program will tell you if it worked or not.

Have fun !

Just delete the song.mp3 if you don't want to listen to it.

Download:


Password:
epvp


VT: 0 / 56
01/05/2015 14:06 Icy.#2
Legend
01/05/2015 14:18 Devsome#3
Would you like to share the source ?
01/05/2015 14:22 nerdsupreme#4
Quote:
Originally Posted by Devsome View Post
Would you like to share the source ?
No sorry.
I don't want to let the kids c&p it..

But I didn't use any protection. You could easily sniff the packets I send or debug it with olly :)
When it is patched I will share it.
01/05/2015 14:24 Devsome#5
Quote:
Originally Posted by nerdsupreme View Post
No sorry.
I don't want to let the kids c&p it..

But I didn't use any protection. You could easily sniff the packets I send or debug it with olly :)
When it is patched I will share it.
Then I will sniff the packets when I'm back at home (:
01/05/2015 18:06 Ende!#6
Just had a look at it in IDA (IDA's Delphi RTTI parsing = OP), good find. If I were you, I'd publish it somewhere more .. scientific, with source -- someone else WILL claim the credits for himself if you don't.

Edit: Also, as this is delivered as a binary, I noticed a serious lack of chiptunes in this tool. :P
01/05/2015 18:49 nerdsupreme#7
Quote:
Originally Posted by Ende! View Post
Also, as this is delivered as a binary, I noticed a serious lack of chiptunes in this tool. :P
haha.. inb4update.

Quote:
Originally Posted by Ende! View Post
Just had a look at it in IDA (IDA's Delphi RTTI parsing = OP), good find. If I were you, I'd publish it somewhere more .. scientific, with source -- someone else WILL claim the credits for himself if you don't.
Yes, you are right, that will probably happen, but I don't really care :pimp:
This exploit is not that much
Quote:
Originally Posted by Icy. View Post
Legend
- but still kind of funny ;)

I think that the people who are able to analyze my tool should be entitled access to it themselves.
:rolleyes:
01/06/2015 01:20 Ende!#8
Quote:
Originally Posted by Don't_care View Post
Selling fix for 5€ :)
I hate this kind of people ..

Code:
iptables -I INPUT 1 -p tcp --dport 10011 -j DROP
.. or just disable the SQ entirely (is that possible?).
01/06/2015 01:24 Don't_care#9
Now that you published the complicated solution, I guess I can come forward with the recommended one:
Update your server to 3.0.11.2
01/06/2015 12:11 YatoDev#10
I don't find any server where this is working :( thought I could have some fun^^
01/06/2015 17:21 GentlemanBoostingService#11
If I use this program on a server, can anyone find out who it was?
01/06/2015 17:36 Don't_care#12
I consider it unlikely.
It does depend, though, on how thoroughly the server operator looks into it.
TeamSpeak is fundamentally very lazy about logging.
I find exactly 1 line about it, and it allows no conclusion about who caused it.

Since I don't know what exactly the program does here, I also don't know where it could be logged.
But an access must have taken place somewhere, and in one respect TeamSpeak is fine: timestamp
2015-01-05 23:49:06.827432
So it can very easily be matched against any logs that may exist.
A huge factor here, though: "that may exist".
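
The matching described in the post above, as an added example that is not part of the original thread: it takes a crash timestamp in the format quoted there and lists the source addresses that reached the ServerQuery port 10011 shortly before it. The firewall log lines, the "TS3SQ: " log prefix, the function name and the 10-second window are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed, abridged sample (not from the thread): kernel log lines in the
# iptables LOG format, from an assumed rule logging new connections to the
# ServerQuery port 10011 with the hypothetical prefix "TS3SQ: ".
FIREWALL_LOG = """\
Jan  5 23:41:12 voice kernel: TS3SQ: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=10011
Jan  5 23:49:04 voice kernel: TS3SQ: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=10011
Jan  5 23:49:05 voice kernel: TS3SQ: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51516 DPT=10011
Jan  5 23:58:30 voice kernel: TS3SQ: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=40990 DPT=10011
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(\S+) .*?\bDPT=(\d+)")


def sources_before_crash(crash_stamp, log_text, port=10011, window_s=10):
    """Count source IPs that reached `port` in the window_s seconds before the crash.

    Assumes the server log and the firewall log use the same timezone.
    """
    crash = datetime.strptime(crash_stamp, "%Y-%m-%d %H:%M:%S.%f")
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m.group(3)) != port:
            continue
        # Syslog stamps carry no year; borrow it from the crash timestamp
        # (a log spanning New Year would need extra handling).
        seen = datetime.strptime(f"{crash.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if 0 <= (crash - seen).total_seconds() <= window_s:
            hits[m.group(2)] += 1
    return dict(hits)


if __name__ == "__main__":
    # Timestamp format as quoted in the post; the window is an assumption.
    print(sources_before_crash("2015-01-05 23:49:06.827432", FIREWALL_LOG))
```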
01/07/2015 19:34 Nanoxx™#13
I've already crashed a few servers :D :D
01/07/2015 20:40 Lyolikx#14
Works on many servers, but why should one contact you if it doesn't work?
01/07/2015 20:55 .CяιMe™#15
Well, so far it hasn't worked on a single one for me.
How can you tell whether the server has ServerQuery?

Edit: Figured it out, thanks anyway.