TeamSpeak 3 Query MitM Attack

[Asphyxia]

So, you open telnet and plan on hopping into your server to change things. A hacker lurks secretly listening to your session. He intercepts your username and password. Before you know it, your server is compromised.

It shouldn't be too hard to sniff out TeamSpeak connections and snag their server admin key/pass. Thanks to TeamSpeak using telnet, they should have chosen to use SSH.

A YouTube video will come on this shortly.

 

[ehthe]

http://www.felipemartins.info/2013/03/netcat-the-it-swiss-knife-complete-commented-examples/

A more advanced way would be to code your own proxy to save passwords

 

[pyro199931]

where is the video?

 

[Asphyxia]

Here is a tutorial on what you would do. All you need to do is sniff the packets, your aim is to sniff out traffic on port 10011. If you do that, chances are that you can sniff out login information, which would result in unauthorized access (credentials). You can do this a few ways, you could use Wireshark to sniff for connections on the client and or server (sever query), maybe Cain and Abel --- I will list some useful resources below:
www.d3scene.com/forum/internet-guides/24690-tut-cain-abel-sniffing-tutorial.html
Check out this video for an awesome YouTube video (caution: Indian accent) on capturing Telnet data using Wireshark.

Postscriptum: I am sorry pyro, I do not like discussing this publicly although I am encountering an unfortunate personal life right now. My mental health is not well, I am seeking help to get back to my normal happy, productive and hard-working self. I am having problems with a girl that I love very much, things happen. The main problem I encounter right now is that with my state of depression, I am still a very good deep thinker. Although part of being depressed involves lack of a drive, little motivation and what I plan on doing either takes longer or doesn't end up happening.

Postscriptum2: I am really trying to work up the motivation to "JUST DO IT!!!", I am going to do this and then go to bed.

 

[Asphyxia]

Update, they actually use TLS/SSL over Telnet which is more secure although it is not bulletproof. It would involve more work to decrypt the traffic, I think it could definitely be done although it makes an attack more challenging and less realistic than I originally believed, see here: http://support.citrix.com/article/CTX116557 and http://blog.gogo244.tw/2014/08/20/use-wireshark-to-decrypt-ssl/ for any developers looking into this, this will likely be your best friend: https://wiki.wireshark.org/SSL

In a sense they pretty much do use SSH. Instead of just using SSH like would make sense though, they just use Telnet --- I personally think Telnet should just die. SSH was redesigned with security in mind, leaving Telnet in the dust. Ref: http://www.reading.ac.uk/internal/its/help/its-help-pcsecurity/its-pcsecurity-ssh.aspx

SSH's encryption protects you from two main attacks: someone sniffing your credentials and logging into the wrong machine. Imagine someone pointed port 10011 to another server, you could possibly be sending your password to the TS3 "server query" when really someone crafted a simple attack to capture the raw information typed over Telnet. SSH is better equipped for security by default. Telnet is not so much. Telnet with TLS only helps to protect against sniffing, but it generally will not stop you from signing into the wrong machine.

 

[ehthe]

Hum no ? It's plain text.
You can just use netcat as a proof of it being cleartext.

nc ip.ip.ip.ip 10011

 

[Asphyxia.Cell]

Hum no ? It's plain text.
You can just use netcat as a proof of it being cleartext.

Oh, really?? Ws seemed to return nothing raw, maybe I was doing something wrong :0 I'll have to try again, hmm.

 

[tagKnife]

You need to be on the physical network to sniff out peoples login... If it was as easy as OP said it was the internet wouldn't exist.

 

[CoC-Eu]

But if you need a stable connection you need the serveradmin password what not can be cracked / hacked ?