When teamsleep www code will be relased?

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Code:
<?php
if(isset($_POST['liable']))
{
    require 'pstools.inc.php';
    chdir(getcwd());
 
    $remoteH = $_POST['remoteH'];
    $remoteP = intval($_POST['remoteP']);
    if(filter_var($remoteH, FILTER_VALIDATE_IP) && $remoteP>0 && $remoteP<65536)
    {
     
        if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
            $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
        }
        if(isset($_SERVER['HTTP_X_SUCURI_CLIENTIP']))
        {
            $_SERVER["REMOTE_ADDR"] = $_SERVER['HTTP_X_SUCURI_CLIENTIP'];
        }
        $email = $_SESSION['passr'];
        $myFile = "logs/checks.txt";
        $fh = fopen($myFile, 'a') or die("can't open file");
        $stringData = date("F j, Y, g:i a")." | CHECKER:".$_SERVER["REMOTE_ADDR"]. " & ".$email." | TARGET:".$remoteH.":".$remoteP."\r\n";
        fwrite($fh, $stringData);
        fclose($fh);
 
        //exec("psexec.exe rekt.exe 127.0.0.1 9987");
        //echo "<script>alert('Security check launched, standby.');</script>";
        //exec("psexec.exe -d -accepteula rekt.exe $remoteH $remoteP 2>&1", $output);
        //print_r(array_values($output));
        //sleep(1);
        //$pieces = explode("s ID ", $output[5]);
        //$slayer = rtrim($pieces[1], ".");
        //echo $slayer;
        //shell_exec("taskkill /PID ".$slayer." /F /T");
        exec("psexec.exe -d -accepteula C:/xampp/htdocs/rekt.exe $remoteH $remoteP 2>&1", $output);
        sleep(5);
        echo $output[4];
                $pieces = explode("s ID ", $output[5]);
                sleep(1);
        $slayer = rtrim($pieces[1], ".");
        echo $slayer;
        sleep(1);
        shell_exec("taskkill /PID ".$slayer." /F /T");
        $finished = 1;
        //PsKill($pieces[1]);
    }else{
        echo "<script>alert('Invalid IP address or port number.');</script>";
    }
}
?>
<!DOCTYPE html>
<!--
TEMPLATE
Name: Zoo Planet
Version: 1.0
Created: 23 January 2014

AUTHOR
Design and code by: http://www.bootshape.com
Free stock photos by: http://www.bootshape.com

Read full license: http://www.bootshape.com/license.php

CREDITS
Background: http://subtlepatterns.com/ (extra_clean_paper)
Fonts: http://www.google.com/fonts (Actor, Duru_Sans)

SUPPORT
E-mail: [email protected]
Contact: http://www.bootshape.com/contact.php
-->
<html>
  <head>
    <title>TeamSleep</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Bootstrap -->
    <link href="css/bootstrap.css" rel="stylesheet">
 
    <!--Google Fonts-->
    <link href='//fonts.googleapis.com/css?family=Belgrano|Courgette&subset=latin,latin-ext' rel='stylesheet' type='text/css'>

 
    <!--Bootshape-->
    <link href="css/bootshape.css" rel="stylesheet">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    <!-- Navigation bar -->
    <div class="navbar navbar-default navbar-fixed-top" role="navigation">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a href="./" class="navbar-brand">TeamSleep</a>
        </div>
        <nav role="navigation" class="collapse navbar-collapse navbar-right">
          <ul class="navbar-nav nav">
         <li><a href="?logout=yes">Logout</a></li>
            <li class="dropdown">
              <a data-toggle="dropdown" href="#" class="dropdown-toggle">Credits <b class="caret"></b></a>
              <ul class="dropdown-menu">
                <li><a title="Aye!" href="#">Kaptan647</a></li>
                <li><a title=";]" href="#">Derp</a></li>
                <li><a title="What are you looking at?" href="#">Supervisor</a></li>
                <li><a title="rm -rf /*" href="#">ehthe</a></li>
                <li><a title="Shh, sleep." href="#">Asphyxia</a></li>
                <li><a title="This cake tastes good." href="#">rofl</a></li>
                <li class="divider"></li>
                <li><a target="_blank" href="https://r4p3.net/">R4P3.NET</a></li>
              </ul>
            </li>
          </ul>
        </nav>
      </div>
    </div><!-- End Navigation bar -->

    <!-- Slide gallery -->
    <div class="jumbotron">
      <div class="container">
        <div class="col-xs-12">
        </div>
      </div><!-- End Slide gallery -->
    </div>

    <script>
        function iAgree() {
            document.getElementById('rocket').disabled = false;
        }
     
        function plsWait() {
            document.getElementById('rocket').value = "Please wait, beginning check.";
        }
    </script>
 
    <!-- Content -->
    <div class="container">
      <div class="">
        <h3 class="">Do you like security?
        <?php if(isset($_POST['agree'])){
        echo "<font color='red'>Security check attempted.</font>";
        }
        ?>
        </h3>
        <p>Great, we do too! That is why we are going to let you check your TeamSpeak 3 server security from this website.</p>
        <p>Because this tool could be harmful, you will have to agree that you will only be checking your own TeamSpeak 3 server on the Internet.</p>
        <p><b><u>You</u>, the website visitor accept any and all responsibility for misusing this tool.</b></p>
        <form method="post" action="/">
        <p>TeamSpeak 3 Server: <input size="15" type="text" name="remoteH"> : <input size="4" type="text" value="9987" name="remoteP"></p>
        <p><label><input onclick="iAgree()" type="checkbox" name="liable" value="value"> I certify that I own the server listed above and understand that by clicking "submit", the server will be checked for security and may crash.</label>
        <p><input type="submit" onclick="plsWait()" id="rocket" name="go" disabled="true" value="Let's go!"></p>
        </form>
      </div>
    </div><!-- End Content -->
    <!-- Footer -->
    <div class="footer text-center">
        <p>Security is like a kite, fly it high or crash low.</p>
    </div><!-- End Footer -->

    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
    <script src="js/jquery.js"></script>
    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
    <script src="js/bootshape.js"></script>
  </body>
</html>

Code:
<?php
// pstools.inc.php
chdir(getcwd());
    function PsExecute($command, $timeout = 60, $sleep = 2) {
        // First, execute the process, get the process ID
        $pid = PsExec($command);
     
        if( $pid === false )
            return false;
     
        $cur = 0;
        // Second, loop for $timeout seconds checking if process is running
        while( $cur < $timeout ) {
            sleep($sleep);
            $cur += $sleep;
            // If process is no longer running, return true;
            if( !PsExists($pid) )
                return true; // Process must have exited, success!
        }
     
        // If process is still running after timeout, kill the process and return false
        PsKill($pid);
        return false;
    }
 
    function PsExec($command) {
        exec("psexec.exe -s -d $command  2>&1", $output);

        while( list(,$row) = each($output) ) {
            $found = stripos($row, 'with process ID ');
            if( $found )
                return substr($row, $found, strlen($row)-$found-strlen('with process ID ')-1); // chop off last character '.' from line
        }
     
        return false;
    }
 
    function PsExists($pid) {
        exec("pslist.exe $pid 2>&1", $output);

        while( list(,$row) = each($output) ) {
            $found = stristr($row, "process $pid was not found");
            if( $found !== false )
                return false;
        }
     
        return true;
    }
 
    function PsKill($pid) {
        exec("pskill.exe $pid", $output);
    }
?>

This is the source you need right here. Additionally there is a compiled C# utility you will need and the theme (CSS) files. No, this is probably not the neatest/pretties source although I did make it at like 4 AM without sleeping. :cool:

This is for Windows-based servers only. The C# executable kept hanging, so I had to terminate it after X seconds. *shrugs*
 

Yolo

Member
Jan 10, 2016
134
46
63
LaszL0w

This is the source you need right here. Additionally there is a compiled C# utility you will need and the theme (CSS) files. No, this is probably not the neatest/pretties source although I did make it at like 4 AM without sleeping. :cool:

This is for Windows-based servers only. The C# executable kept hanging, so I had to terminate it after X seconds. *shrugs*
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
@Asphyxia when the C# compiled will be relased?
After discussing further with the team whether to release the C# compiled project --- we have decided this would take away everyone from the use of our project. You could then easily strip any sign of R4P3 from our creation, then release your own tool(s) marketed under "YOLO TeamSleep" for example. We do not want this, we are a security research team and community, so if you want to go get the client (desktop app), you may. Releasing our whole web project would be a bad idea though. You have the PHP source, the other part is the engine and we're not going to hand out free engines here. You can feel free to try to join our team if you would like, that takes a lot though. :p

I am sorry if I made you guys excited about me releasing the whole project 100%, I have released the back-end though (PHP). The rest is on your own. If you want to go through the effort, you could somehow macro/wrap the desktop client version with another language and achieve a similar result as to what I had. :cool:
 

Yolo

Member
Jan 10, 2016
134
46
63
mmm the VIP desktop client dosen't work... for any version... if i had the crash string i can try to do someting (i never programmed in C#)
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
mmm the VIP desktop client dosen't work... for any version... if i had the crash string i can try to do someting (i never programmed in C#)
There is no magical crash string :p , there are many libraries and the project would be impossible without the work of an awesome man around here (do not have his permission to release his name). By releasing the weeks/months of work he did to our VIP members, we could be jeopardizing the security/safety of the entire TeamSpeak 3 community. More malicious individuals could play with this information to develop very harmful software (infecting clients/servers), we are not sure. This is one main reason we safeguard the project so carefully. As much as handing out the C# binary would be cool for you, it could be hell for everyone else. :cool:
 
Top