Script: making hidden SA possible by tcpquery (R to SA)

mbutschek · #1 19-01-2004, 15:19

(english text see inside the script!)

Hier ein kleines Script, um einen registrierten User, der gerade online ist, zum SA zu ernennen. Hintergrund ist folgender: Oft will man auf seinem eigenen Server nicht als SA sein, da die Leute gleich mit 100 Fragen losstürmen. Doch bleibt man "anonmy" als normaler User und braucht man dann mal SA-Status, muß man neu connecten.

Mit diesem Script ist es möglich, den eigenen Login-Namen (nicht NICK!) jederzeit per Tastendruck zum SA zu machen. Das geht dank PHP4 sowohl von der Linuux Shell aus wie auch über eine Webseite. Das Script hat KEINE Fehlerprüfung, also nicht 100% sauber. Das Script ist frei von copyright und darf von jedermann benutzt werden. Für Funktionsweise, rechtliche Hinweise, etc bitte den Text im Script lesen.

PHP Code:


			
#! /usr/bin/php4 -q

<?



# Settings

$TCPSERVER="localhost";    # Name or IP of the server

$TCPPORT=51234;            # Port of the tcpquery

$TSPORT=8767;              # Port of the TS server

$SULOGIN="superadmin";     # Name of the super admin

$SUPASSWORD="mypassword";  # Password of the super admin

$SALOGIN="mike";           # Name which uses SA to log on



#

# Often SA want to talk on their server without SA status (too

# many questions from player) but if they need SA, they have to

# reconnect.

#

# This script is connection to a TeamSpeak TCPQUERY server,

# searches for Player with a given login and grant them SA

# privileges.

#

# So you can stay regular registeres user and make yourself

# SA when you need it. This script will not remove SA, cause

# you can do it yourself, when you are SA.

#

# This script is public domain, no rights reserver, no copy-

# right, so you can use, give to others or change the script

# just as you like. But please be fair and upload better

# versions of this script to the TeamSpeak forum, so all

# users can use it, too.

#

# The script is using PHP4 (script is not compatible with PHP3!),

# you can run it as a linux shellscript (chmod 700, your password

# is stored there!) or on a webserver with PHP support.

#

# btw: Line 1 and 5-10 must me edited! Insert correct path of

# the php interpreter and your server and login informations.

#

# Other thing: This script has NO ERROR VERIFYING! If the

# server answers in a not expected way, the script will fail!

#

# I give NO guaranty for functionality damage by this script.

# You can use is or let it be. It work's at my TS-server in

# version 2.0.19.40, I don't know what other versions do, but

# you can test it yourself and alter the script if you need.

#

# I give actually no support to that or other scripts, but

# if you have a question, you can try emailing me. But please

# no questions like "how do i install". Learn yourself that.

# Michael Butschek <tss@butschek.de>

#



# FUNCTION TO READ DATA FROM SERVER

  function tcpquery($data)

    # Send a string $data to the server and read

    # answer from the server (including echo and

    # ok or error at the end!

    {

    global $handle;

    fputs($handle, $data."\n");

    $data="";

    $newdata=" ";

    while ($newdata!="")

      {

      $newdata="";

      $newdata=fgets($handle,1024);

      $data.=$newdata;

      }

    return $data;

    }



  # Open the connection to the server.

  # Connect timeout is 5 seconds

  $handle=fsockopen($TCPSERVER, $TCPPORT, $errno, $errstr, 5);

  if (!$handle)

     die ("Verbindungsaufbau fehlgeschlagen:\n($errno) $errstr");

  socket_set_blocking($handle, 0);



  # Send empty string to clear the buffer (welcome-message)

  tcpquery("");



  # Select server port

  tcpquery("sel $TSPORT\n");

  

  # Login as superadmin

  # Hint: If you want to use this script NOT as superadmin

  # but as regular admin of a server, use "login" instread

  # of "slogin"

  tcpquery("slogin $SULOGIN $SUPASSWORD\n");

  

  # Read the playerlist

  $PLAYERDATA=tcpquery("pl\n");



  # Alter string output to array,

  # each line will be an element of the array

  $PLAYERDATA=explode("\n", $PLAYERDATA);



  # Repeat for every element in array (=every line)...

  while(list($KEY, $LINE)=each ($PLAYERDATA))

    {

    

    # Alter Line-String to Array (TAB-Seperared)

    $LINEARRAY=explode("\t", trim($LINE));

    

    # check if element 15 (login) is same as $SALOGIN

    if ($LINEARRAY[15]=="\"$SALOGIN\"")

      {

      

      # If true, then give this player (p_id = element 0)

      # admin permissions.

      tcpquery("sppriv $LINEARRAY[0] privilege_serveradmin 1\n");



      # Type action on screen

      echo("User $LINEARRAY[14] granted SA privileges");

      }

    }



  # Send quit to the server (leave tcpquery)

  tcpquery("quit\n");



  # Close server connection

  fclose($handle);



  # Just give out one more enter

  # (looks better in shell, I think)

  echo "\n";

  

?>

loki1958 · #2 03-04-2004, 12:56

this script explains (i believe) many of the "my TS was hijacked/hacked!!" posts i've seen here,,, i too have had the problem of a user coming in and suddenly acquiring SA rights and totally screwing up my TS server,, revoking authorized rights, foul langague channel names and server name and such. having this available to the public is much more a hinderance than a help i think.

a note to the TS staff that (i feel) have responded unkindly to posts regarding TS being hacked.
the above post clearly shows how a malicious person could attain the results others have tried to bring to your attention.

i too hope that TS staff would be more receptive to possibliities and investigate a bit more perhaps, before replying to other ADULTS disrespectfully

Thank you for your time,, TS is great, I / We love it,, great work guys (and gals?)

Loki

Brain · #3 03-04-2004, 13:07

No, it's not. Without the superadmin credentials you can't do diddly squat with this script.
It doesn't do anything else but connect to the TCP Query Port, login as superadmin and grant server admin privileges to a player with predefined login name.

SatanClaus · #4 04-04-2004, 02:36

that post is almost insulting for any developer...

Quote:

tcpquery("slogin $SULOGIN $SUPASSWORD\n");

in the quoted line the script expects the variables $SULOGIN which is the superserveradmin's loginname and $SUPASSWORD which is the according password.

And if you knew about the tcpquery interface of TS-servers you'd know that you'll need to login before you can perform any of those security-related actions.

Don't accuse us of being disrespectful, as we check nearly all of the "security exploit reports". The only thing we want is a log that shows something else than some user that connected with a nick faking the SA-flag. We don't need bad promotion caused by some noobs *sorry for not beating around the bush* who just didn't understand what they were doing when granting SA to someone with SA in the nickname or when changing their passwords to "password" as it's much easier to remember than some random string.
I think you have to understand that such things don't make us very happy, and we even prohibited the characters ()[]{} in nicknames on server-version 2.0.20.1+, so don' t accuse us of not taking measures or being impolite...

cu
SatanClaus

madcat · #5 04-04-2004, 03:58

yeah you are doing fine on security.
but still there are 2 issue's i'd like to see taken care of
- passwords encrypted stored in the db
- before it's possable to do any tcpquery actions i'd like the user to login, because someone still can gain accesss to information about my server without having any password at all

like:
sl : serverlist
pl : playerlist
cl : channellist
ver : version
gi : global information
si : server information

is this realy needed?
why not only make "sel, login and slogin" public commands, and maybe also the "help" command.

and for the list and information commands you need at least the server password.

PS: this script didn't work for me on the latest team speak serve.