Remake of the TeamSpeak PHP tool

Norvik

Retired Staff
Contributor
Jul 18, 2015
Hello everyone, I was bored last night, so I created a new design for the script which was leaked by @doctor alpha. I also renamed it to FINGVERSE. The original script can be found HERE but it costs 10 bucks which is really expensive.

Requirements
  • Apache, PHP5
  • Some permissions on the default query group
Required permissions
  • b_virtualserver_client_list
  • i_channel_subscribe_power
  • i_client_private_textmessage_power
  • i_client_poke_power
  • b_channel_create_temporary

Index Page (screenshot)

Message all clients (screenshot)

Download
VirusTotal - 1 / 56
 

JayJax

Active Member
Apr 28, 2015
This stuff is broken. Tried it on my dedi box and nothing was working. Didn't connect to any TS server.
 

JayJax

Active Member
Apr 28, 2015
IT WORKS! If you need information on how to work with it,
read the: README.

There is no README HaH gotty!

-JayJax
 

fyfywka

TeamSpeak Developer
Contributor
Sep 10, 2015

fix
PHP:
<!--
FINGVERSE
Made by Ridicc/Fexon
Some Parts of the Code are from http://teamspeakcrack.com
-->
<html>
<?php
function getTime()
{
$a = explode (' ',microtime());
return(double) $a[0] + $a[1];
}
$Start = getTime();
?>

<head>
<link href="channel.css" type="text/css" rel="stylesheet" />
<title>FINGVERSE - Message Bot</title>
<meta charset="utf-8">
<link href="icon.ico" rel="shortcut icon" />
</head>
<body>
<div id="logo"><a href="./index.html"><img src="logo.png" height="50px" width="" /></a></div>
<center>
<br><br>
<h1>FINGVERSE - Message all clients!</h1>
<div class="ct">
<form action="" method="post">
  <table width="510">
  <tr><td><a id="text">IP: </td> <td><input type="text" name="ip" style="width:370px;background-color: transparent;" placeholder="127.0.0.1"/></td></tr>
  <tr><td><a id="text">Port UDP: </td> <td><input type="text" value="9987" name="udp" style="width:370px;background-color: transparent;" placeholder="default  9987"/></td></tr>
  <tr><td><a id="text">Port Query:&emsp;&emsp;&emsp;&emsp;</td> <td><input type="text" value="10011" name="query" style="width:370px;background-color: transparent;" placeholder="default 10011"/></td></tr>
 
  <tr><td><a id="text">Login: </td> <td><input type="text" name="login" style="width:370px;background-color: transparent;"  placeholder="optional"/></td></tr>
  <tr><td><a id="text">Password: </td> <td><input type="text" name="haslo" style="width:370px;background-color: transparent;"  placeholder="optional"/></td></tr>
 
<tr><td><a id="text">Interval between messages: </td> <td><input type="text" name="interval" style="width:370px;background-color: transparent;" value="10" placeholder="message for 10 sec"/></td></tr>
  <tr><td><a id="text">Nickname: </td> <td><input type="text" value="FINGVERSE" name="nick" style="width:370px;background-color: transparent;"  placeholder="client nick"/></td></tr>
 
  </table>
<p><a id="text">Insert your message:&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;</p>
<textarea style="width: 510px; height: 250px;background-color: transparent;" cols="60" rows="12" type="text" name="txt"/>
</textarea>
<br>
<input style="width:510;" type="submit" value="SEND TO EVERYONE!" class="ocb" />
<a id="button" href="./index.html">Home</a>
</form>
</div>

<?php
set_time_limit(0);
ignore_user_abort(true);
ini_set("display_errors", 0 );
if(isset($_POST['ip'])&&($_POST['udp'])&&($_POST['query'])&&($_POST['nick'])&&($_POST['txt']))
{
require_once("libraries/TeamSpeak3/TeamSpeak3.php");
$ts3_VirtualServer = TeamSpeak3::factory("serverquery://".$_POST['login'].":".$_POST['haslo']."@".$_POST['ip'].":".$_POST['query']."/?server_port=".$_POST['udp']."&nickname=".$_POST['nick']);
$ilosc = 0;
$interval = $_POST['interval'];
echo "<p id='dark'><span style='color:green'>Send to: </span>";
foreach($ts3_VirtualServer->clientList() as $ts3_Client)
{
    if($ts3_Client["client_type"]) continue;
    $ts3_Client->message($_POST['txt']);
    echo "<b>".$ts3_Client."</b><span style='color:green'>, </span>";
    $ilosc++;
    sleep($interval);
}
}
//end li
if(isset($_POST['ip'])&&($_POST['udp'])&&($_POST['query'])&&($_POST['nick'])&&($_POST['txt']))
{
echo "</p><p id='dark'><span style='color:green'>Message received </span><b>".$ilosc."</b><span style='color:green'> users.</p>";
$End = getTime();
echo "<p id='dark'><span style='color:green'>Send time </span>".number_format(($End - $Start),2)."<span style='color:green'> seconds.</span></p></span>";
}
?>
</center>
</body>
</html>
 
Nov 7, 2015

I don't understand why people would choose PHP to implement such "hacks".

My assumption: the original author (probably only knew PHP and) found the ts3admin class and put together this awful piece of code. How can someone have the nerve to demand 10 bucks for a piece of shit software like this that basically is a rip-off of someone else's work? What a pathetic script kiddy.

No offense to Ridicc though.

Anyway, to contribute something constructive: This "hack" is just another reason to not directly expose the ServerQuery port. TeamSpeak 3 was and will always be a bug-ridden software that wasn't built with security in mind. Actually it's quite a funny story how TS3 came about, but I digress - I'll leave that for another time.
I advise all server administrators to put a TCP reverse proxy in between the TeamSpeak Server and all connecting ServerQuery clients. This proxy should implement some trivial security checks and only allow whitelisted commands.

It would be even better to re-implement a subset of the ServerQuery protocol, which protects you from potential 0day SQ exploits and in addition allows for some... let's call it "tweaking". It's not very difficult and opens a whole new realm of possibilities.

For maximum security and redundancy the machine running the TS server shouldn't even be exposed to the public network, but exclusively be accessible via multiple reverse proxy gateways. This way you have no single point of failure (well, except for a buggy server itself) and DDoS attacks become ineffective.

I might write up a little summarized guide, if there's interest and I can find the time.
 
Last edited:
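
The command allowlist suggested in the post above, sketched as an added example (not part of the original thread or any poster's code): a per-connection filter that a ServerQuery reverse proxy could run on each client line before forwarding it. The allowlist contents, the limits and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: the read-only commands this operator exposes; all else is refused.
ALLOWED = frozenset({"version", "whoami", "use", "serverinfo",
                     "channellist", "clientlist", "quit"})
# Assumptions: longest line forwarded, refusals tolerated before disconnect.
MAX_LINE, MAX_DENIED = 1024, 3
_NAME = re.compile(r"[a-z]+\Z")  # fail closed on anything but a lowercase name

class QueryFilter:
    """Per-connection state for one ServerQuery client behind the proxy."""
    def __init__(self, allowed=ALLOWED):
        self.allowed = allowed
        self.denied = 0

    def check(self, raw: bytes):
        """Return (verdict, detail); verdict is 'forward', 'deny' or 'drop'."""
        verdict, detail = self._classify(raw)
        if verdict == "deny":
            self.denied += 1
            if self.denied >= MAX_DENIED:
                return "drop", "too many refused commands"
        return verdict, detail

    def _classify(self, raw: bytes):
        if len(raw) > MAX_LINE:
            return "deny", "line too long"
        line = raw.rstrip(b"\r\n")
        # An embedded line break would smuggle a second command past the check.
        if b"\r" in line or b"\n" in line or b"\x00" in line:
            return "deny", "embedded line break or NUL"
        try:
            name = line.decode("utf-8").split(" ", 1)[0]
        except UnicodeDecodeError:
            return "deny", "not valid UTF-8"
        if not _NAME.match(name):
            return "deny", "malformed command name"
        if name not in self.allowed:
            return "deny", "not allowlisted: " + name
        return "forward", name

# Constructed session: lookups, then commands matching the thread's permission list.
SAMPLE = [b"use port=9987\n", b"clientlist\n",
          b"sendtextmessage targetmode=1 target=5 msg=hi\n",
          b"clientpoke clid=5 msg=hi\n", b"channelcreate channel_name=x\n"]

def run_sample():
    """Verdict for each SAMPLE line, in order, on one fresh connection."""
    session = QueryFilter()
    return [session.check(line)[0] for line in SAMPLE]
```

A proxy built around this would answer a "deny" itself without forwarding the line, and close the client socket on "drop".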

timodohmen

Member
Oct 16, 2015
Hello everyone, I was bored last night, so I created a new design for the script which was leaked by @doctor alpha. I also renamed it to FINGVERSE. The original script can be found HERE but it costs 10 bucks which is really expensive.

Requirements
  • Apache, PHP5
  • Some permissions on the default query group
Required permissions
  • b_virtualserver_client_list
  • i_channel_subscribe_power
  • i_client_private_textmessage_power
  • i_client_poke_power
  • b_channel_create_temporary

Index Page (screenshot)

Message all clients (screenshot)

Download
VirusTotal - 1 / 56
Nothing works :)
 

Norvik

Retired Staff
Contributor
Jul 18, 2015
You should be sure that the server query guest has the following permissions. Try to grant these permissions, I'll do a video if it still doesn't work.
  • b_virtualserver_client_list
  • i_channel_subscribe_power
  • i_client_private_textmessage_power
  • i_client_poke_power
  • b_channel_create_temporary
 

timodohmen

Member
Oct 16, 2015
You should be sure that the server query guest has the following permissions. Try to grant these permissions, I'll do a video if it still doesn't work.
  • b_virtualserver_client_list
  • i_channel_subscribe_power
  • i_client_private_textmessage_power
  • i_client_poke_power
  • b_channel_create_temporary
I tried now on a clear server (localhost) with query login (serveradmin only). The poker is working, the channel spammer doesn't work anyway... the messages.php too!
After one use the poke.php doesn't work any more... idk why, pls help me :c
 