RFI vulnerability in TeamSpeak [3.0.0 - 3.0.18.1]

[Kaptan647]

That was fast

 

[Probber]

Got it reported that fast ?

 

[Kaptan647]

Someone leaked it or one of the devs has vip in r4p3

 

[9dc]

teamspeak mad

 

[Probber]

the whole vip section makes no sense if a Dev from Teamspeak got access to it.

 

[denka]

the whole vip section makes no sense if a Dev from Teamspeak got access to it.

Yeah but I think someone leaked it

 

[Flex99]

No biggie if someone did leak it, the percentage of ppl who actually manually update their ts client is really so low that having fun with this for a long time to come will be possible.

 

[9dc]

 

[unknown]

i have the file but it is never executed.
any ideas ?

 

[Bluscream]

 

[Supervisor]

i have the file but it is never executed.
any ideas ?

what file do you have?
Make sure the .bat file gets downloaded with the correct content into the startup directory. It then will be executed when the computer restarts the next time

 

[Derp]

BTW

Probably noone of you guys noticed that, There's an easteregg in THIS thread

If you're careful enough, you will notice that in the video, there is a thread named RFI Exploit Development at the beginning

X)

(And To think I told supervisor that this was a bad idea)

 

[the|Ripper]

Some user tried it at our TS. But now it seems to be fixed. I hope Supervisor has more exploits in his backhand My Vic is allready patched They highered they min. TS3 Version.

 

[TeraGhost]

Guys can someone help me to setup this I will donate you money $$$ if you help me for setup it Tried almost everything and no success

 

[Probber]

Dont get scammed it isnt worth to set this up most Av's will cut off your way. Anyway it is fixed already in the newest version of Teamspeak

 

[Asphyxia]

A lot of people are not patched/updated. I just did a random check and approximately 50% of people were not patched. I obviously did not spend a lengthy period pulling that information --- so my results are not perfect. It would be very cool to have that sort of analytic information on TeamSpeak users.

ex:
Average TeamSpeak Users Updated: 4,233
Average TeamSpeak Users Outdated: 4,241

A public database full of loads of information like that would be highly useful, I think. A TeamSpeak 3 bot that goes to public servers and extracts user information (client version), OS, etc.. that would allow us to quickly gathers statistics. Using a graph to show people updated by time, like this: http://www.highcharts.com/demo/area-basic/sand-signika

 

[Bluscream]

A lot of people are not patched/updated. I just did a random check and approximately 50% of people were not patched. I obviously did not spend a lengthy period pulling that information --- so my results are not perfect. It would be very cool to have that sort of analytic information on TeamSpeak users.

ex:
Average TeamSpeak Users Updated: 4,233
Average TeamSpeak Users Outdated: 4,241

A public database full of loads of information like that would be highly useful, I think. A TeamSpeak 3 bot that goes to public servers and extracts user information (client version), OS, etc.. that would allow us to quickly gathers statistics. Using a graph to show people updated by time, like this: http://www.highcharts.com/demo/area-basic/sand-signika

http://ts3index.com/?lang=en&page=stats&sub=clients

 

[Bluscream]

cumming on my screen

 

[Death the Kid]

cumming on my screen

Dante makes my head hurt.

 

[0day]

This is not meant to be used as a tutorial, but for educational purposes, only!

We, r4p3.net, are not responsible for any abuse of this! Use it only on your own computer with a virtual machine!

A few ways to protect yourself against this attack can be found here


The file can be found here.
We cannot post it on the forum, because our security software won't let us - it is potentially dangerous I guess TeamSpeak should copy that piece of software
Remember sharing this link to anyone will get yourself bannd on the forum!

Credits go to @Derp @Asphyxia @Kaptan647 @Supervisor

Brilliant absolutely brilliant!