Tutorial Malware Research | "Bypass"

XURY

XURY

Member
Joined
May 9, 2015
Messages
60
Reaction score
96
Points
53
Hey guys :) !
Sadly some people urgently felt the need to exploit the RFI Vuln in Teamspeak for malicious purposes and some still do.
So now you may ask how to find out the IP of their server which their 1337.bat is located on without changing your teamspeak client version...

Here is the solution:

1. Open CheatEngine and search for the string you are able to see.
mSP1Zpb.png

1PQzz10.png

2. Lock the found value and change it to nothing!
7fT878e.png

3. Reopen the Window and you should be able to see the IP ;)!
giCEFbA.png


Happy malware hunting!
 
P

Pider2k3

Member
Joined
Jan 2, 2016
Messages
21
Reaction score
12
Points
35
For real?

It is possible to set a .bat file as banner filetype?
Is this fixed???
 
XURY

XURY

Member
Joined
May 9, 2015
Messages
60
Reaction score
96
Points
53
Yes. It is :D It wasn't just the .bat itself but the parameters in the .bat file indicating it could be an image. The second vuln you can see here is the directory traversal. Almost every version >3.0.18.2 is exploitable
 
You must log in or register to reply here.
Top