tspeakfp

DeFRaG · **Posted:** 05 Jun 2008 13:55

luigi question how would i make it so i spam with fake players using null byte?

teamspeak://IP:PORT?nickname=namegoeshere%00
i use my hex edited version of TS2 but this works the same way without having to edit it yourself lol.

NOTE it only works for servers running version 2.0.21.3 or below. i may be wrong but not sure :D.

also ive seen someone spam with the nullbyte before not sure wtf they did maybe edited your fake players bug but anyways just thought i would ask//see if u can possibly add a new feature for ppl to use :D.

aluigi · **Posted:** 05 Jun 2008 15:07

the teamspeak protocol uses fixed size fields to store data, the nickname one for example is 29 bytes long (with one byte before which specifies the size).

What you probably mean is specifying for example a length of 29 but sending no nickname, in which case you must modify the source code of the tool:

from:

Code:

        if(nick) {
            p += putss(p, nick,         29);    // nickname
        } else {                                // nickname (random)
            p += putss(p, rnds(str, 30, &rn),   29);
        }

to:

Code:

        *p++ = 29;
        memset(p, 0, 29);
        p += 29;

not tested but should do the job

DeFRaG · **Posted:** 05 Jun 2008 16:59

cool aight im gonna give it a try soon

DeFRaG · **Posted:** 05 Jun 2008 18:58

i tried editing it but i kept getting some stupid error messages.

aluigi · **Posted:** 15 Jan 2009 00:23

today someone posted on milw0rm a vulnerability which has been already described in this forum one year ago some posts above in this same thread:

post1677.html#p1677

http://www.milw0rm.com/exploits/7760

the original author of the vulnerability fixed in the half 2007 is not known (probably the same Teamspeak developers, mah) and except for my post I have never seen other references on internet.

Luigi Auriemma

tspeakfp