R4P3 TeamSpeak Server Crash [ till 3.0.12.4-Beta 1 ]

Status
Not open for further replies.

Qraktzyl

Retired Staff
Contributor
We are a security research team. We found flaws in a software and released them so we can get heard. Yes, Teamspeak had pretty big flaws but they might wanna work with us depending on a lot of factors, we do not know yet. We are not blackhats, we want good for the software. We might release the crash, we do not know yet. We have no idea how they will react on the meeting.

We changed our world the way we wanted it to be, how it is supposed to be. It's far from over. There are a shitload of things to improve, and we are going to fight for it. It's not about the donations, it's about what's right and wrong. It's wrong to use a software that could get easily exploited and we proved it, and we basically forced them to fix it.

We are not a blackhat community, although we hope you enjoy the ride while sometimes we might have to force things up to be heard.
 

Asphyxia

Owner
Administrator
VIP donations are donations, we are not selling anything. As a thanks for donations, we do allow for a higher level of access in the forum. We are not selling out, if we were selling out TeamSpeak would own our website. Just because we are delaying on the release/publishing of a tool does not mean we are sold. We are not making any quick decisions. We have a large number of people donating because they feel safer with us doing research, we also have people donating that enjoy testing the PoC.

No one wants their server to be crashed though. If you ran a server, would you want your server to be crashed? No --- don't be dumb. :cool:

We are only trying to keep things somewhat professional. If we come to an agreement with TeamSpeak, everyone will be notified. If we don't, everyone will be notified. So, just standby and relax. :blood:
 

xPRoTeiNN

Member
TeamSpeak does not want to work with you. You are trying to force them. You found an exploit that cannot be solved completely and are using it to join the TeamSpeak dev team or something else. And this means you are blackhats! Because only blackhats use the flaws for their own good!

I am not saying anything about the donations. This is normal. But you are trying to play big now.
This is just like this: I hacked some bank and want money from them, otherwise I will hurt them. And you want to work with them. This is absolutely what blackhats do. Don't fool yourself.
 

Asphyxia

Owner
Administrator
xPRoTeiNN said:
> TeamSpeak does not want to work with you. You are trying to force them. You found an exploit that cannot be solved completely and are using it to join the TeamSpeak dev team or something else. And this means you are blackhats! Because only blackhats use the flaws for their own good!
>
> I am not saying anything about the donations. This is normal. But you are trying to play big now.
> This is just like this: I hacked some bank and want money from them, otherwise I will hurt them. And you want to work with them. This is absolutely what blackhats do. Don't fool yourself.
It's actually not that simple, I don't think you understand. Don't call us fools, if we are fools then why are you here? What would that make you, an ultra fool? :p
 

xPRoTeiNN

Member
Asphyxia said:
> It's actually not that simple, I don't think you understand. Don't call us fools, if we are fools then why are you here? What would that make you, an ultra fool? :p

That was not what I meant. I said that if you are saying "we are not blackhats", you are just lying to yourself. I didn't call you a fool. What you are doing here is very smart, I know that, don't worry.
 

Asphyxia

Owner
Administrator
xPRoTeiNN said:
> That was not what I meant. I said that if you are saying "we are not blackhats", you are just lying to yourself. I didn't call you a fool. What you are doing here is very smart, I know that, don't worry.
I still would not call it blackhat, blackhats would keep releasing exploit tools all the time and raising the prices on them. We are not doing this. :)

We are giving TeamSpeak a choice to work with us. If they do not work with us, that is their choice and we will keep doing what we need to do for our community to run aka release magic executable files. :cool:

No matter what we do or how we do it, our main focus is to increase TeamSpeak 3 security/protection and one way we do that is by demonstrating that TeamSpeak 3 is not secure nor stable --- indirectly, we make TeamSpeak 3 patch security issues via releasing PoC tools which are intended to check server/client security.

See this: https://www.quora.com/Does-full-disclosure-with-example-exploit-code-increase-risk or read below.

Sachin said:
Imagine for a moment that you run a big office building.

In this office building there are keypads to enter each office. Someone discovers if they enter *12345# three times the door will open. They tell you and ask that you fix it in 7 days.

You investigate and find it to be true then look at fixing it. But the fix is elaborate (because you have to fix the code in the keypad) and there are so many keypads that the cost will be high and labour intensive. You are unable to fix the issue at the end of 7 days.

The person who discovered the risk then tells everyone about the risk and not only that but how to bypass it.

Do you think the risk to each office and office worker has increased? It sure has.

But then look at some alternative scenarios.

1) The vulnerability is found and no one is told about it. Then no fix can be proactively created and it's possible that the vulnerability can be discovered by someone else who may use it for their advantage. Putting the offices at greater risk.

2) You are told but are not given an ultimatum so you take your time bringing a fix. During that time the vulnerability is discovered by another person with no good intentions and puts the offices at greater risk.

3) At the end of 7 days people are told there is a risk but not how it works. The offices now feel threatened as they are unable to protect themselves because they don't know what to look for (people entering codes more than twice or people entering *12345#). Third parties are unable to help them feel more secure. During this time other people know there is some vulnerability and will actively try to find it, increasing the probability that they would find it. Putting the offices at greater risk.

So you see, full disclosure increases risk but not as much as the alternatives.

Full disclosure with deadlines allows:

> 3rd parties to implement detection and protection mechanisms in their systems to mitigate risks.
> vendors to quickly address vulnerabilities. If you make allowances for any one vendor then all vendors would expect similar treatment.
> end users feel more secure because the uncertainty is not there. You know exactly what the risk is.

I hope this is clear.

Blake said:
This is a debate that has been going for years. The reason that Proof of Concept (PoC) exploit code is frequently included in a disclosure announcement is that without it, people don't take the issue seriously.

We see this much less often these days, but a decade or two ago, it was common for major software companies to be notified of a hole and ignore it, claim it wasn't exploitable, claim it wasn't a big deal... The security researchers who notified the company aren't the only ones out there looking, though. So, if they don't put out a fix, someone with more nefarious motives will come along and find the same hole, and they'll use it instead of notifying the developers.

The same goes for patching. If a patch comes out but there's no proof of concept code, then some people will delay installing the patches. You would be shocked at the state of a lot of the production web servers that you visit each day.

Having a proof of concept as part of the disclosure lets the IT department prioritize the patch and overrule objections. It lets the admins force the issue and get required developer time to support the new version, if that's needed.

So, yes, having example exploit code does increase the risk. If everyone follows standard responsible disclosure channels, though, it is not much worse than what you would see from people reverse engineering the patches.
 

Laszl0w

Well-Known Member
Incorrect behavior
xPRoTeiNN said:
> That was not what I meant. I said that if you are saying "we are not blackhats", you are just lying to yourself. I didn't call you a fool. What you are doing here is very smart, I know that, don't worry.

Better to click on the red X on the top right corner.

It will work for sure.
 

Kubax

Member
I am happy that you are not releasing it into the wild.
Mostly script kiddies will use it to crash random servers all the time.

If you are "forced" to release it prior to an available patch, I have some questions.
1) Will it be possible to ban the IP of the "attacker" because of an entry that is in the logs?
2) Does it only crash the server, or is it possible to do remote code execution based on this POC?
3) Is there anything else a server administrator can do to prevent the use of the POC when it is released, besides blocking the attacking IP?

Hopefully you are willing / able to answer these questions (without going into detail) before releasing the POC.
 

Qraktzyl

Retired Staff
Contributor
I seriously do not understand what's happening but I think a simple explanation is due in the way Qraktzyk sees it (and it's gonna be fucked up, buckle up):

TeamSpeak is... a sick puppy. Everyone loves the puppy. But the issue is that it's a sick puppy right now, we need to give him some medicine before it comes back stronger, without cancer. We love the little puppy. We play with the little puppy everyday. The donations and releases are like vaccine for the little puppy. We inject bad shit into little puppy so he can counter it and become stronger. Puppy getting stronger, not passing out anymore when playing around with him. Puppy is now safe.

That's my way of seeing it, and it's basically teamspeak progress. Compare it to a sick puppy. You will see the progress.

I'm going to bed now.
 

0x0539

Retired Staff
Contributor
Kubax said:
> I am happy that you are not releasing it into the wild.
> Mostly script kiddies will use it to crash random servers all the time.
>
> If you are "forced" to release it prior to an available patch, I have some questions.
> 1) Will it be possible to ban the IP of the "attacker" because of an entry that is in the logs?
> 2) Does it only crash the server, or is it possible to do remote code execution based on this POC?
> 3) Is there anything else a server administrator can do to prevent the use of the POC when it is released, besides blocking the attacking IP?
>
> Hopefully you are willing / able to answer these questions (without going into detail) before releasing the POC.
I was actually hoping for a patched binary before the release.
 

Qraktzyl

Retired Staff
Contributor
Kubax said:
> I am happy that you are not releasing it into the wild.
> Mostly script kiddies will use it to crash random servers all the time.
>
> If you are "forced" to release it prior to an available patch, I have some questions.
> 1) Will it be possible to ban the IP of the "attacker" because of an entry that is in the logs?
> 2) Does it only crash the server, or is it possible to do remote code execution based on this POC?
> 3) Is there anything else a server administrator can do to prevent the use of the POC when it is released, besides blocking the attacking IP?
>
> Hopefully you are willing / able to answer these questions (without going into detail) before releasing the POC.
1) No
2) Only crashes.
3) We will probably release a fix. We normally do, but I do not know as I'm not the one that found the crash. Maybe Asphyxia or Supervisor can answer that.
 

0x0539

Retired Staff
Contributor
Yes, we will have a patch/fix released before the actual release. ;)
 

xPRoTeiNN

Member
Asphyxia said:
> I still would not call it blackhat, blackhats would keep releasing exploit tools all the time and raising the prices on them. We are not doing this. :)
>
> We are giving TeamSpeak a choice to work with us. If they do not work with us, that is their choice and we will keep doing what we need to do for our community to run aka release magic executable files. :cool:
>
> No matter what we do or how we do it, our main focus is to increase TeamSpeak 3 security/protection and one way we do that is by demonstrating that TeamSpeak 3 is not secure nor stable --- indirectly, we make TeamSpeak 3 patch security issues via releasing PoC tools which are intended to check server/client security.
>
> See this: https://www.quora.com/Does-full-disclosure-with-example-exploit-code-increase-risk or read below.

I understand that. I am just wondering why you are giving that choice to TeamSpeak?
 

ololoev

Member
Guys, please don't release the crasher while the official patch is not ready. We, as athp, have many problems from script kiddies when they use your crasher on our service =(
 