Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 12 of 12
  1. #1
    Join Date
    April 2006
    Location
    PA
    Posts
    14

    TS3 Token can be generated and get SA?

    Yesterday someone came onto our server and granted themselves SA.

    Before banning him I asked how he did it, obviously he wouldn't tell me.

    But before that he mass banned everyone but me. I had Super admin so he couldn't get me.

    So I was checking Youtube and see all over youtube this token program that can gen SA keys. Is there something I can do to prevent this from happening?
    Like, be able to turn off token generation for SA in the back end so even if they try to gen a new token it won't allow them to register it?

  2. #2
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    Are you 100% positive your permissions are air tight?

  3. #3
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    What poisonpanik wanted to say is you should check the following permissions of your groups:
    * i_group_needed_member_add_power
    * i_group_needed_member_remove_power

    If they're not set or to a lower value than someones "i_group_member_add_power" and "i_group_member_remove_power" value, a user can add himself to that group.

    Also, check if there not any unused tokens left, that may grant user certain privileges or if any of them were use recently by users you dont know.
    Also check who has these permissions:
    * b_virtualserver_token_list
    * b_virtualserver_token_add
    * b_virtualserver_token_delete

    Btw, nice new avatar poison, looks better than the old one...

  4. #4
    Join Date
    November 2009
    Location
    Dublin, Ireland
    Posts
    379
    i would like to see this token program, if you got any links to this you tube stuff thanks. team speak has always had people claim they can crack it with hacks, few years back on ts2 this could happen but it was fixed yet the hoaxes continued. so its important to be sceptical and keep an open mind with this stuff.

  5. #5
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    There are some videos on youtube, but in the youtube comments many people writes that the download link is just a virus. I did not checked this.

    But I do not know how this should be possible by a token, because the token must be generated by the server. In my opinion the only way can be only wrong permissions. Don't forget that guests can be "Channel Admin", if you allow creating channels on your server. So just check any permission that allow something in this direction in the guest and channel admin group too.

  6. #6
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    Tokens are stored in the database and read from there.
    So, unless someone has access to the servers database, you cant generate/use tokens from outside of TS.
    Maybe the "virus" you mentioned creates a backdoor to edit the database or get special permissions in TS.

  7. #7
    Join Date
    November 2009
    Location
    Dublin, Ireland
    Posts
    379
    the SQL database is encrypted with SHA i believe.

  8. #8
    Join Date
    April 2006
    Location
    PA
    Posts
    14
    Quote Originally Posted by Alcazar View Post
    What poisonpanik wanted to say is you should check the following permissions of your groups:
    * i_group_needed_member_add_power
    * i_group_needed_member_remove_power

    If they're not set or to a lower value than someones "i_group_member_add_power" and "i_group_member_remove_power" value, a user can add himself to that group.

    Also, check if there not any unused tokens left, that may grant user certain privileges or if any of them were use recently by users you dont know.
    Also check who has these permissions:
    * b_virtualserver_token_list
    * b_virtualserver_token_add
    * b_virtualserver_token_delete

    Btw, nice new avatar poison, looks better than the old one...
    Checked all of that. I had to remove "Use Token" from everyone in order to prevent this hack from working. If they gen a token, they still can't use the token if there is nowhere to submit it.

    Here is the video I found. It seems like what was used. As far as I am told from talking with people is that this is a legit one. Where to get it I don't know. Wish I could get my hands on it so I could submit it into the devs and have them fix whatever hole it is using.

    BlackSource1337 is the maker as far as I know and here is the video to it "NOT A DOWNLOAD!" just the video.... hxxp://xxx.youtube.com/watch?v=ZPf8tdt8I9c

  9. #9
    Join Date
    March 2010
    Location
    Germany
    Posts
    114
    In a lot of TeamSpeakViewer-Scripts are security vulnerabilities.
    Through this vulnerabilities you can execute you own Query-commands.
    So you can give yourself SA

    Greez

  10. #10
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    Did you read the comments of this video? Many say its a fake.
    Even if you could generate token-strings, they have to be stored in the servers database to be used.
    And as maxe__ said, the leak can be in scripts, plugins and such you are using.

  11. #11
    Join Date
    June 2002
    Location
    Krün / Germany
    Posts
    1,638
    we searched for this "hack", what we found is only virus/trojan stuff.

  12. #12
    Join Date
    January 2010
    Location
    Secret Base in Arctic Region
    Posts
    1,671
    Just the usual "bait" to get users to load this stuff.
    Like they done in past with so called pictures of celebrities...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. No privilege key generated
    By AnNeX in forum Windows
    Replies: 4
    Last Post: January 15th, 2014, 10:51 AM
  2. How are Icon-IDs generated?
    By Mumpitz in forum General Questions
    Replies: 1
    Last Post: June 8th, 2011, 07:50 AM
  3. TS3 Token can be generated and get SA?
    By AKA-Shadow in forum Bug Reports [EN/DE]
    Replies: 6
    Last Post: May 30th, 2010, 04:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •