Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:05

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 35 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: tspeakfp
PostPosted: 20 Aug 2007 12:32 

Joined: 20 Aug 2007 12:26
Posts: 4
Hey Luigi. I have a question about your tspeakfp tool.
I've been trying to set it up so I could flood a server and I usually do like this : tspeakfp -p **** -v 2.0.32.60 -x [IP] and it starts up.
The problem is that I always get banned for flooding on all the servers I tried...
Is there any way to fix this? Am I doing something wrong?



Thanks in advance Luigi.


Top
 Profile  
 
 
 Post subject:
PostPosted: 20 Aug 2007 12:45 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
well, that's enough normal since the admin or the anti-fakep_players mod see the flooding attack and bans your IP address.
the only way for bypassing the banning is changing your IP address, for example using a socks proxy but this will not avoid the banning of this other IP too


Top
 Profile  
 
 Post subject:
PostPosted: 20 Aug 2007 13:16 

Joined: 20 Aug 2007 12:26
Posts: 4
Ohhh... so using a socks proxy I can keep changing my IP in order to flood continuously? Which do you recomend ? Where to get it ? How do I use it ?


Thanks alot man.


Top
 Profile  
 
 Post subject:
PostPosted: 20 Aug 2007 13:37 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
you will not able to flood the server continuosly, you can only until you will get re-banned (not your real IP but that of the socks proxy server).

A socks proxy is just a machine which will be between you and the target, so the IP that the target will see is that of the server and not yours.

Now I will explain a bit how the things work since this is useful in future in case of other people which wants info about how using a proxy.
You need 2 things:
- a socks server to which you can connect
- a program which automatically "proxyfies" your programs

The socks servers are listed on many websites and they can be of various types, slow, fast (exist fast socks servers??? naaa), open socks created by admins with small computer knowledge, created by crackers, honeypots and so on.
Anyway you need one of these and it's enough to search "socks list" on a search engine for knowing the public lists maintained daily.
Note that a socks proxy is not the only choice with TCP connections since the HTTP proxies which allow CONNECT can be used at the same way.
Then remember that could be long to find a working proxy...

About the program to use (the "proxifier"), a good choice for Windows is SocksCap which unfortunately is no longer supported but it's simple to use and it's free.
You can still find it online somewhere but I think you must hex edit the executable, in this case I have created a patch for it.
For the moment do NOT use Freecap because it has many protocol bugs which don't make it to work correctly with some types of proxy or connections, I hope these bugs (I reported them to the author) will be fixed in the 3.19 version.

That's all


Top
 Profile  
 
 Post subject:
PostPosted: 20 Aug 2007 14:26 

Joined: 20 Aug 2007 12:26
Posts: 4
Ok m8 thanks alot for the explanation. Just another thing.. on the server that I tried to flood there is some random guy that can actually flood it like hell without getting banned. Any ideas on why he can and I can't ?


Top
 Profile  
 
 Post subject:
PostPosted: 20 Aug 2007 14:39 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it's possible that he uses a longer delay during the attack using the -t or -T options.

A correction about Sockscap, version 2.40 no longer has the annoying "expiration" message so no hex editing is needed (except if you want to remove the annoying splash screen at 0xE888).


Top
 Profile  
 
 Post subject:
PostPosted: 20 Aug 2007 15:10 

Joined: 20 Aug 2007 12:26
Posts: 4
Well ye I thought that too but he floods really fast with a really low delay time. I've done few tests on the server and I can only maintain the fake players coming in if I put it with a delay of 6 seconds between each connection : -t 6 :S


Top
 Profile  
 
 Post subject:
PostPosted: 01 Sep 2007 19:42 

Joined: 01 Sep 2007 19:39
Posts: 3
Should SocksCap force ALL connections through a SOCKS proxy?


Top
 Profile  
 
 Post subject:
PostPosted: 01 Sep 2007 21:06 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Sockscap redirects to the proxy all the connections made by the program you are proxyfying


Top
 Profile  
 
 Post subject:
PostPosted: 10 Nov 2007 16:02 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quick step-by-step to the usage of Sockscap (the latest version should be 2.40-051231):

- run sc32.exe
- go on File->Settings
- type the IP address of the SOCKS server you choosed and it's port (usually 1080)
- choose the version of the server, 4 or 5 (leave the default option)
- now select New from the main menu for adding the tool/program you want to use
- select the Command Line executable with the Browse button (for example peerchar_irc.exe) and click on OK
- now if you want to run the proxified program just double click on its icon in the main menu

Remember that you must be sure that the SOCKS proxy works so test it, for example using a proxified netcat for doing the tests (like "c:\folder\nc.exe 207.38.11.136 6667 -v -v -n", I have used directly the IP of peerchat.gamespy.com for being faster), and modify the relative setting each time you want to try a new proxy server.


Top
 Profile  
 
 Post subject:
PostPosted: 29 Feb 2008 12:15 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in case someone is interested the second bug described here http://secunia.com/advisories/26141/ is probably referred to the command "help ..\..\..\..\boot.ini"
The current versions of Teamspeak now drops any dot and slash/backslash car.


Top
 Profile  
 
 Post subject:
PostPosted: 28 Apr 2008 11:10 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Update for the TOR + Sockscap method, since this thread is linked in another thread too

Then with Tor there is no longer the need to find valid SOCKS servers, it's enough to:
- install the Tor/Vidalia Package http://www.torproject.org/download.html.en
- run sockscap, this tool is hard to find on the net so a ready to use copy is available on http://mirror.aluigi.org/misc/sockscap-2.40-051231.zip
- in the SOCKS settings place 127.0.0.1 and port 9050 as SOCKS server and select SOCKS Version 5 and "Resolve all names locally"
- launch Vidalia and start Tor from there
- go in SocksCap and add the program to socksify with the needed command arguments and Run it from there


Top
 Profile  
 
 Post subject:
PostPosted: 05 May 2008 20:24 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
It's incredible, today I was casually searching keywords like teamspeak flooder, teamspeak spammer or ts flood/spam on Youtube and ALL the videos about this argument used just my "Teamspeak Fake Players DoS" (tspeakfp) tool BUT saying that the program was written by themselves.
These morons think that creating a small launcher with a button for launching my tool gives them the right of not crediting me or doing worst things (like cancelling my references from source code and recompile it)... what idiots


Top
 Profile  
 
 Post subject:
PostPosted: 06 May 2008 07:05 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
sockscap is pretty good with TOR, but its kind a slow. well but if you wanna fuck up a server its great for leaving on for days.

Luigi i know exactly what you mean lol. I just hate those kind of retarded brats. they always claim that they made it (whtever it is). 3-4 years ago i remember how noobz claimed that they made your lithsec tool.
It was also same about my avp2 hacks i made...i gave it to wrong person and it got out .. and then every noob said that they made it. I guess they just want to feel important or something ..This is y i dont put good hacks/exploits out in public anymore..only sharing with trusted ppl


Top
 Profile  
 
 Post subject:
PostPosted: 07 May 2008 01:33 

Joined: 05 May 2008 01:39
Posts: 8
I ran tor and then the socks program and it said everything was functional, I loaded firefox through it and it did infact say my IP had changed an I was located in France, but then tor started spitting warns that information could be leaking, so when I loaded gs arcade, it disconnected me immediately so it had to have gotten through, what should I do?


Top
 Profile  
 
 Post subject:
PostPosted: 07 May 2008 08:16 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
uhm ?! dont understand completely..but i suggest you to use proxyfirewall and TOR.
in short...get proxyfirewall (PF)
in PF go to open proxies
add...
then set it to use TOR (127.0.0.1:9050) SOCKS4 (has to be socks4)
now PF is ready .. run TOR too ofcourse.
now simply run whtever u wanted to get thru proxy .. PF will detect it.
choose ''proxy'' .. and then choose the proxy you made (127.0.0.1:9050).
kind a messy, but i hope u understand..if not then pm me or something.


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 00:43 

Joined: 05 May 2008 01:39
Posts: 8
I did exactly what you said, and it appeared to be working, but when I load gs arcade I get this new error:

[Summary]
GameSpy Arcade experienced 'Access Violation' (0xc0000005) at address: 005F3997 01:001F2997 in module 'C:\Program Files\GameSpy Arcade 3\Aphex.exe'


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 10:55 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
seems that gamespy has some anti system that wont allow to interfere with it ... not sure. Luigi maybe knows more about it.


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 11:04 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
depends by the method used by proxyfirewall to catch the packets of the programs, with sockscap (if I'm not in error) there is no such problem


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 12:34 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
well sockscap does not interfere with programs, but proxyfirewall does. it blocks access for each program and asks - allow, deny, proxy.
i seriously doubt that this is the case..uninstall gamespy, clean registry, reboot and clean install it back. maybe that helps.

proxyfirewall allows you to route ANY program (file) thru proxy .. even if there is no option for a proxy (like games) so it has to interfere with programs somehow.


Top
 Profile  
 
 Post subject:
PostPosted: 11 May 2008 16:49 

Joined: 05 May 2008 01:39
Posts: 8
It did the same exact thing with both programs, however the socks program works wonders at school for the lightspeed blockers!

Anywho, when I load up gs arcade tor says something like:

[WARN] This is just a change in your IP Address, anything using DNS may leak information.

except it's a lot longer.


Top
 Profile  
 
 Post subject:
PostPosted: 12 May 2008 10:39 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
well im not going to install this piece of shit gamespy (its total junk if u ask me), but im 100% sure i can get it working with proxy in no time.
it has to work with proxyfirewall.

what you can try is ... uninstall whole gamespy and CLEAN registry (you MUST do it) then reboot, clean install gamespy.
NOTE - also before cleaning registry .. make SURE that there is no gamespy files left in pc (manually find and delete them all before cleaning registry).

now .. after uve cleaned registry and rebooted, run TOR and proxyfirewall .. NOW clean install gamespy an when it asks for net access....set it thru proxy. if it has some system that doesn't allow memory changes after install then this way it should work. i got the idea from test drive unlimited..it does same thing with my zonealarm firewall...if its on during install it works...but when i turn it off and run game .. it will crash. it happens because game doesn't allow any changes after install or something like that ..it gives no error msg (just freezes) so i can't debug it either.


Top
 Profile  
 
 Post subject:
PostPosted: 13 May 2008 00:11 

Joined: 05 May 2008 01:39
Posts: 8
Well I've been speaking with an admin, and last night I restored my pc, so either I talked them out of my ban or it has something to do with the registry.


Top
 Profile  
 
 Post subject:
PostPosted: 13 May 2008 11:00 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
hmm no it can't have something to do with registry (i mean windows registry).
Windows registry
in short it holds all the changes you make ... like control panel changes, tweaks for win and in most cases it holds the info about evaluation and demo programs. if u uninstall demo and reinstall .. its still expired...so the data is stored in registry. but if you find and delete it .. and then install it again, u will be able to use it for the period of time again, but it has nothing to do with bans. ban is purely server side.
i was just suggesting it because u said it crashes. MOST programs doesn't uninstall completely..they leave traces into registry .. and if u install it again then it may still have the problem it had before (unless u install into other folder, sometimes it helps too).


Top
 Profile  
 
 Post subject:
PostPosted: 13 May 2008 12:08 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
About the proxy problem there is another trick you can try to bypass the crash.
Use the tool "GS Peerchat proxy decrypter 0.3a" aka peerchat_proxy available in my peerchat section:

http://aluigi.org/papers.htm#peerchat

before launching it socksify it using sockscap and then follow the instructions on the screen (if it will give you connection problems check if 127.0.0.1 is bypassed by sockscap for local addresses which if I'm not in error is by default, anyway just a note in case something doesn't work).

In short you will have the following situation:
- GSA will not connect to the GS peerchat server but to peerchat_proxy, so to your pc
- peerchat_proxy will get the connection and then will connect to the real peerchat server through the proxy set in sockscap (sockscap + tor)

seems a bit complex but in reality it's easy and will also give you the possibility of seeing the peerchat IRC protocol of GSA which is ever interesting


Top
 Profile  
 
 Post subject:
PostPosted: 14 May 2008 21:38 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
well i kind a came up with one ... well kind a stupid idea, but it will work for sure. if you really are banned and can't get it to work with proxy in any other way then use virtual machine :)
vmware or microsoft virtual pc and set whole virtual machine go thru proxy and install gamespy there and/or use tools you wanna proxify.
i think its possible to route whole virtual machine thru a sockscap so it changes ip time to time.


Top
 Profile  
 
 Post subject:
PostPosted: 23 May 2008 10:38 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
A little correction, Tor supports only TCP (socks5 supports both UDP and TCP but Tor allows only TCP at the moment) so the sockscap+tor thing cannot be applied to UDP games, so practically all the games.


Top
 Profile  
 
 Post subject:
PostPosted: 23 May 2008 12:08 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
you sure that tor dont support UDP ? ..because im pretty sure i played avp2 thru TOR and it worked. ..and ofc avp2 uses UDP.


Top
 Profile  
 
 Post subject:
PostPosted: 23 May 2008 12:43 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes I'm 100% sure, was enough to socksify netcat -u or idinfo and they quitted immediately.
Tried also quake 3 using both sockscap and the in-game socks support but doesn't work (in fact the servers guess my italian location perfectly).


Top
 Profile  
 
 Post subject:
PostPosted: 23 May 2008 23:31 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
we kind a discussed it already, but just for others.
i tested it in half-life. and yes server admin saw my ip.
i used TOR + ProxyFirewall. PF popped up the window, asking allow, deny, proxy.
it also showed tht its going thru proxy in the log, but didnt work. it also timed out after like 10 seconds in server. if it didnt proxify my ip then wtf did it do ?
i also don't understand how its possible. it should simply timeout or something like that, not connect with my ip directly. ProxyFirewall should not allow any kind of bypassing so im guessing that if you use TOR to proxyfy UDP protocol then it simply direct connects you somehow.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 35 posts ]  Go to page 1, 2  Next

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: