Skip to content

Commit 3fcd248

Browse files
bcolesbcoles
committed
Add documentation
1 parent d66e806 commit 3fcd248

File tree

1 file changed

+53
-0
lines changed

1 file changed

+53
-0
lines changed

documentation/modules/auxiliary/gather/teamtalk_creds.md

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
## Description
2+
3+
This module retrieves user credentials from BearWare TeamTalk.
4+
5+
Valid administrator credentials are required.
6+
7+
Starting from version 5, TeamTalk allows users to login using a username and password combination. The username and password are stored on the server in clear text and can be retrieved remotely by any user with administrator privileges.
8+
9+
10+
## Vulnerable Application
11+
12+
[TeamTalk 5](http://www.bearware.dk/) is a freeware conferencing system which allows multiple users to participate in audio and video conversations. The TeamTalk install file includes both client and server application. A special client application is included with accessibility features for visually impaired.
13+
14+
This module has been tested successfully on TeamTalk versions 5.2.2.4885 and 5.2.3.4893.
15+
16+
The TeamTalk software is available on the [BearWare website](http://www.bearware.dk/) and on [GitHub](https://github.com/BearWare/TeamTalk5).
17+
18+
19+
## Verification Steps
20+
21+
1. Start `msfconsole`
22+
2. Do: `use auxiliary/gather/teamtalk_creds`
23+
3. Do: `set rhost <RHOST>`
24+
4. Do: `set rport <RPORT>` (default: `10333`)
25+
5. Do: `set username <USERNAME>` (default: `admin`)
26+
6. Do: `set password <PASSWORD>` (default: `admin`)
27+
7. Do: `run`
28+
8. You should get credentials
29+
30+
31+
## Scenarios
32+
33+
```
34+
[*] 172.16.191.166:10333 - Found TeamTalk (protocol version 5.2)
35+
[+] 172.16.191.166:10333 - Authenticated successfully
36+
[+] 172.16.191.166:10333 - User is an administrator
37+
[*] 172.16.191.166:10333 - Found 5 users
38+
39+
TeamTalk User Credentials
40+
=========================
41+
42+
Username Password Type
43+
-------- -------- ----
44+
debbie 1234567890 1
45+
murphy 934txs 2
46+
quinn ~!@#$%^&*()_+{}|:" <>?;',./ 2
47+
sparks password 2
48+
stormy 1
49+
50+
[+] 172.16.191.166:10333 - Credentials saved in: /root/.msf4/loot/20170724092809_default_172.16.191.166_teamtalk.user.cr_034806.txt
51+
[*] Auxiliary module execution completed
52+
```
53+

0 commit comments

Comments
 (0)