Name Exploit

iJoris · May 28, 2015

Name exploit

Turn any name that contains one of the following letters: a c e o in the same looking name.

Example:

Works with the latest teamspeak version and some online forums.

Download:
http://ge.tt/3lshWFH2/v/0
Password: r4p3

Virustotal: https://www.virustotal.com/nl/file/...5896397add33506c46fc2c39/analysis/1432815170/

Source code:

Code:

Dim name = TextBox1.Text
        If InStr(name, "a") > 0 Then
            Dim exploited_name As String = Replace(name, "a", "а")
            TextBox2.Text = exploited_name
        ElseIf InStr(name, "c") Then
            Dim exploited_name As String = Replace(name, "c", "с")
            TextBox2.Text = exploited_name
        ElseIf InStr(name, "e") Then
            Dim exploited_name As String = Replace(name, "e", "е")
            TextBox2.Text = exploited_name
        ElseIf InStr(name, "o") Then
            Dim exploited_name As String = Replace(name, "o", "о")
            TextBox2.Text = exploited_name
        Else
            MessageBox.Show("Name can't be exploited")
        End If

Asphyxia · May 28, 2015

Is there any way you can post the source to this (only if you want to) --- I'm interested in converting this application to JS (JavaScript), that way someone can just type a name into a textbox and the JS can put the cloned name in a text field. This would make it so that someone can just do this on a website instead of having to download and run an application.

iJoris · May 28, 2015

Asphyxia said:
Is there any way you can post the source to this (only if you want to) --- I'm interested in converting this application to JS (JavaScript), that way someone can just type a name into a textbox and the JS can put the cloned name in a text field. This would make it so that someone can just do this on a website instead of having to download and run an application.

First time i used vb.net, so the source is shit i think.
But since i'm a big supporter of open source i posted the source in the OP.
Have fun.
If you need any help with it in javascript ( because i know that better then vb.net ) pm me.

Bluscream · Jun 10, 2015

I think about making a TS plugin for that

EDIT:
I continue working tomorrow

Code:

void ts3plugin_onMenuItemEvent(uint64 serverConnectionHandlerID, enum PluginMenuType type, int menuItemID, uint64 selectedItemID) {
    char* nickname;
    //char* nickname2;
    std::string str2 = "-";
    if (type == PLUGIN_MENU_TYPE_CLIENT) {
        switch(menuItemID) {
            case MENU_ID_CLIENT_1: {
                if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME, &nickname) == ERROR_ok) {
                    /*
                    If InStr(name, "a") > 0 Then
                        Dim exploited_name As String = Replace(name, "a", "а")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "c") Then
                        Dim exploited_name As String = Replace(name, "c", "с")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "e") Then
                        Dim exploited_name As String = Replace(name, "e", "е")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "o") Then
                        Dim exploited_name As String = Replace(name, "o", "о")
                    */
                    std::string str = nickname;
                    str.append(str2);
                    char* nickname2 = str;
                    if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME, nickname2) == ERROR_ok) {
                        ts3Functions.printMessageToCurrentTab("Successfully faked clients name.");
                    } else {
                        MessageBoxA(0, "Unable to set own nickname!", PLUGIN_NAME "ERROR", MB_ICONERROR);
                    }
                } else {
                    MessageBoxA(0, "Unable to get client nickname!", PLUGIN_NAME "ERROR", MB_ICONERROR);
                    return;
                }
                break;
            } default: {
                    break;
            }
        }
    }
}

iJoris · Jun 10, 2015

Bluscream said:

I think about making a TS plugin for that

EDIT:
I continue working tomorrow

Code:

void ts3plugin_onMenuItemEvent(uint64 serverConnectionHandlerID, enum PluginMenuType type, int menuItemID, uint64 selectedItemID) {
    char* nickname;
    //char* nickname2;
    std::string str2 = "-";
    if (type == PLUGIN_MENU_TYPE_CLIENT) {
        switch(menuItemID) {
            case MENU_ID_CLIENT_1: {
                if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME, &nickname) == ERROR_ok) {
                    /*
                    If InStr(name, "a") > 0 Then
                        Dim exploited_name As String = Replace(name, "a", "а")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "c") Then
                        Dim exploited_name As String = Replace(name, "c", "с")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "e") Then
                        Dim exploited_name As String = Replace(name, "e", "е")
                        TextBox2.Text = exploited_name
                    ElseIf InStr(name, "o") Then
                        Dim exploited_name As String = Replace(name, "o", "о")
                    */
                    std::string str = nickname;
                    str.append(str2);
                    char* nickname2 = str;
                    if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME, nickname2) == ERROR_ok) {
                        ts3Functions.printMessageToCurrentTab("Successfully faked clients name.");
                    } else {
                        MessageBoxA(0, "Unable to set own nickname!", PLUGIN_NAME "ERROR", MB_ICONERROR);
                    }
                } else {
                    MessageBoxA(0, "Unable to get client nickname!", PLUGIN_NAME "ERROR", MB_ICONERROR);
                    return;
                }
                break;
            } default: {
                    break;
            }
        }
    }
}

Good work!

Here are more characters that can be exploited:
$a = array('O', 'o', 'e', 'E', 'c', 'C', 'a', 'A', 'B', 'T', 'X', 'x');
$b = array('О', 'о', 'е', 'Е', 'с', 'С', 'а', 'А', 'В', 'Т', 'Х', 'х');

$a are normal letters, $b are the exploited version.

Bluscream · Jun 10, 2015

Thanks Joris for your application that gave me the idea and the chars ^^ I will credit you when the plugin is finished

Code:

void ts3plugin_onMenuItemEvent(uint64 serverConnectionHandlerID, enum PluginMenuType type, int menuItemID, uint64 selectedItemID) {
    bool foundChar = false;
    char* nickname;
    int i;
    anyID ClientID;
    const char search[] = { 'O', 'o', 'e', 'E', 'c', 'C', 'a', 'A', 'B', 'T', 'X', 'x', '\0' };
    const char replace[] = { 'О', 'о', 'е', 'Е', 'с', 'С', 'а', 'А', 'В', 'Т', 'Х', 'х', '\0' };
    char* addition = "ᅚᅚᅚᅚ";
    if (type == PLUGIN_MENU_TYPE_CLIENT) {
        switch (menuItemID) {
        case MENU_ID_CLIENT_1: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME, &nickname) == ERROR_ok) {
                for (i = 0; search != '\0'; i++) {
                    //if (strstr(nickname, search[i])) {
                        //replace(char)
                        foundChar = true;
                    //}
                }
                if (foundChar == false) {
                    //str.append(nickname,addition)
                }
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
                MessageBoxA(0, nickname, PLUGIN_NAME "ERROR", MB_ICONERROR);
            }
            else {
                MessageBoxA(0, "Unable to get client nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_2: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME_PHONETIC, &nickname) == ERROR_ok) {
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME_PHONETIC, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients phonetic name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
            }
            else {
                MessageBoxA(0, "Unable to get client phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_3: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_DESCRIPTION, &nickname) == ERROR_ok) {
                ts3Functions.getClientID(serverConnectionHandlerID, &ClientID);
                ts3Functions.requestClientEditDescription(serverConnectionHandlerID, ClientID, nickname, NULL);
                ts3Functions.printMessageToCurrentTab("Successfully faked clients description.");
            }
            else {
                MessageBoxA(0, "Unable to get client description!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        } default: {
            break;
        }
        }
        }
        }
    }
}

iJoris · Jun 10, 2015

Bluscream said:

Thanks Joris for your application that gave me the idea and the chars ^^ I will credit you when the plugin is finished

Code:

void ts3plugin_onMenuItemEvent(uint64 serverConnectionHandlerID, enum PluginMenuType type, int menuItemID, uint64 selectedItemID) {
    bool foundChar = false;
    char* nickname;
    int i;
    anyID ClientID;
    const char search[] = { 'O', 'o', 'e', 'E', 'c', 'C', 'a', 'A', 'B', 'T', 'X', 'x', '\0' };
    const char replace[] = { 'О', 'о', 'е', 'Е', 'с', 'С', 'а', 'А', 'В', 'Т', 'Х', 'х', '\0' };
    char* addition = "ᅚᅚᅚᅚ";
    if (type == PLUGIN_MENU_TYPE_CLIENT) {
        switch (menuItemID) {
        case MENU_ID_CLIENT_1: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME, &nickname) == ERROR_ok) {
                for (i = 0; search != '\0'; i++) {
                    //if (strstr(nickname, search[i])) {
                        //replace(char)
                        foundChar = true;
                    //}
                }
                if (foundChar == false) {
                    //str.append(nickname,addition)
                }
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
                MessageBoxA(0, nickname, PLUGIN_NAME "ERROR", MB_ICONERROR);
            }
            else {
                MessageBoxA(0, "Unable to get client nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_2: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME_PHONETIC, &nickname) == ERROR_ok) {
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME_PHONETIC, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients phonetic name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
            }
            else {
                MessageBoxA(0, "Unable to get client phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_3: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_DESCRIPTION, &nickname) == ERROR_ok) {
                ts3Functions.getClientID(serverConnectionHandlerID, &ClientID);
                ts3Functions.requestClientEditDescription(serverConnectionHandlerID, ClientID, nickname, NULL);
                ts3Functions.printMessageToCurrentTab("Successfully faked clients description.");
            }
            else {
                MessageBoxA(0, "Unable to get client description!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        } default: {
            break;
        }
        }
        }
        }
    }
}

Awe-some!!

Supervisor · Jun 10, 2015

This is looking very nice! I'll try it tomorrow.

/edit: oh wait, you have to upload first xD

Derp · Aug 23, 2015

Not a valid Win32 Application

self.add() · Oct 28, 2015

Here are some more:

Code:

const char search[] = { 'A', 'A', 'B', 'B', 'C', 'E', 'E', 'H', 'H', 'I', 'I', 'J', 'K', 'K', 'M', 'M', 'N', 'O', 'O', 'P', 'Q', 'S', 'T', 'T', 'X', 'X', 'Y', 'Y', 'Z', 'a', 'c', 'd', 'e', 'h', 'i', 'j', 'o', 'o', 'p', 'q', 's', 'w', 'x', 'y', 'z' ,' '}
const char replace[] = { 'Α', 'А', 'Β', 'В', 'С', 'Ε', 'Е', 'Η', 'Н', 'Ι', 'І', 'Ј', 'Κ', 'К', 'Μ', 'М', 'Ν', 'Ο', 'О', 'Р', 'Ԛ', 'Ѕ', 'Τ', 'Т', 'Χ', 'Х', 'Υ', 'Ү', 'Ζ', 'а', 'с', 'ԁ', 'е', 'һ', 'і', 'ј', 'ο', 'о', 'р', 'ԛ', 'ѕ', 'ᴡ', 'х', 'у', 'ᴢ', ' '}

Could use a randomizer to randomize between multiple characters.
I did not put the "very close but noticeable" characters in since they'd destroy the illusion.
Characters in the array that seem to differ don't differ in TeamSpeak 3. All characters are tested.

Code:

const char search[] = { 'fi', 'fl', 'ij' }
const char replace[] = { 'ﬁ', 'ﬂ', 'ĳ' }

TronixYT · Dec 17, 2015

Bluscream said:

Thanks Joris for your application that gave me the idea and the chars ^^ I will credit you when the plugin is finished

Code:

void ts3plugin_onMenuItemEvent(uint64 serverConnectionHandlerID, enum PluginMenuType type, int menuItemID, uint64 selectedItemID) {
    bool foundChar = false;
    char* nickname;
    int i;
    anyID ClientID;
    const char search[] = { 'O', 'o', 'e', 'E', 'c', 'C', 'a', 'A', 'B', 'T', 'X', 'x', '\0' };
    const char replace[] = { 'О', 'о', 'е', 'Е', 'с', 'С', 'а', 'А', 'В', 'Т', 'Х', 'х', '\0' };
    char* addition = "ᅚᅚᅚᅚ";
    if (type == PLUGIN_MENU_TYPE_CLIENT) {
        switch (menuItemID) {
        case MENU_ID_CLIENT_1: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME, &nickname) == ERROR_ok) {
                for (i = 0; search != '\0'; i++) {
                    //if (strstr(nickname, search[i])) {
                        //replace(char)
                        foundChar = true;
                    //}
                }
                if (foundChar == false) {
                    //str.append(nickname,addition)
                }
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
                MessageBoxA(0, nickname, PLUGIN_NAME "ERROR", MB_ICONERROR);
            }
            else {
                MessageBoxA(0, "Unable to get client nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_2: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_NICKNAME_PHONETIC, &nickname) == ERROR_ok) {
                if (ts3Functions.setClientSelfVariableAsString(serverConnectionHandlerID, CLIENT_NICKNAME_PHONETIC, nickname) == ERROR_ok) {
                    ts3Functions.flushClientSelfUpdates(serverConnectionHandlerID, NULL);
                    ts3Functions.printMessageToCurrentTab("Successfully faked clients phonetic name.");
                }
                else {
                    MessageBoxA(0, "Unable to set own phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                }
            }
            else {
                MessageBoxA(0, "Unable to get client phonetic nickname!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        case MENU_ID_CLIENT_3: {
            if (ts3Functions.getClientVariableAsString(serverConnectionHandlerID, selectedItemID, CLIENT_DESCRIPTION, &nickname) == ERROR_ok) {
                ts3Functions.getClientID(serverConnectionHandlerID, &ClientID);
                ts3Functions.requestClientEditDescription(serverConnectionHandlerID, ClientID, nickname, NULL);
                ts3Functions.printMessageToCurrentTab("Successfully faked clients description.");
            }
            else {
                MessageBoxA(0, "Unable to get client description!", PLUGIN_NAME " ERROR", MB_ICONERROR);
                return;
            }
            break;
        } default: {
            break;
        }
        }
        }
        }
    }
}

What is PermChanSwitcher in ur Plugins?

^.^

King_Tesla · Jan 26, 2021

hi to every one the link of this program is expired please give me new link

Asphyxia · Jan 31, 2021

OP is last seen 2017 - pretty sure this is a dead post. I would recommend switching to Mumble though if you are having problems.
teamSpeak has a fairly awful implementation of their protocol. Just do a password protected Mumble (murmur) server since you mentioned your server is acting up

Name Exploit

iJoris

Member

Asphyxia

Owner

iJoris

Member

Bluscream

iJoris

Member

Bluscream

iJoris

Member

Supervisor

Derp

self.add()

Member

TronixYT

Member

King_Tesla

New Member

Asphyxia

Owner