Tutorial Malware Research | "Bypass"

XURY · Dec 16, 2015

Hey guys

!

Sadly some people urgently felt the need to exploit the RFI Vuln in Teamspeak for malicious purposes and some still do.
So now you may ask how to find out the IP of their server which their 1337.bat is located on without changing your teamspeak client version...

Here is the solution:

1. Open CheatEngine and search for the string you are able to see.

2. Lock the found value and change it to nothing!

3. Reopen the Window and you should be able to see the IP

!

Happy malware hunting!

Pider2k3 · Jan 5, 2016

For real?

It is possible to set a .bat file as banner filetype?
Is this fixed???

XURY · Jan 5, 2016

Yes. It is

It wasn't just the .bat itself but the parameters in the .bat file indicating it could be an image. The second vuln you can see here is the directory traversal. Almost every version >3.0.18.2 is exploitable

Supervisor · Jan 5, 2016

Pider2k3 said:
Is this fixed???

It got fixed in 3.0.18.2
So you can use it till 3.0.18.1

Tutorial Malware Research | "Bypass"

XURY

Member

Pider2k3

Member

XURY

Member

Supervisor