Interestingly i once saw this as an opportunity to bypass the "login lobbies" of semi-premium servers but at the time (aroun 2018) i wasn't savy enough to know how to breach those defenses, this was a very good documentary...
@@niicespiice Idk if it's these ones, but basically, through cracked clients you could just enter with a name you choose and then make a password if the name's not taken. If you were to be premium, logging in with your name if it's not already taken gives you the option to first make ur password and then "turn" your account into premium status, so once you log in you don't need to use ur password and such, usual premium login.
As a server owner, and developer for MC Mods/Plugins you did an amazing job explaining all of the systems talked about in this video! Great video for those who want to learn about the basics of Bungeecord security & networking works as well! I also loved the small jab at Eclipse LMAO 11:28
Yeah I don’t know how anything works and this video honestly helped me understand how all this works, this also explains why once I got a warning by bungee cord and no one explained what the hell it was
To be fair, its a good thing he disclosed said method which this guy could be considered a Grey hat hacker, since he didn't do it with permission, but seeing as he helped the admins and devs, well - he technically got away. I would prefer to use a White hat method, but obviously I would only use "burner" accounts (with permission) and tell the admins about such. This is part of cybersecurity, and can be known as other names, especially ethical hacking. Although some countries deem it as a grey area, it is what it is.
He also stole discord accounts so I am thinking they only disclosed the exploit to reduce their punishment, more black hat with the hypixel instance itself being grey.
@@mrdragonboi why are you trying your hardest to sound "cool" and "knowledgable". "gReY hAt" "wHiTe HaT aPpRoAcH" "eTHiCaL hAcKiNg"...? Cringe NPC go back to playing games and doing homework 💀 No one that honestly knows whats up talks like that 🤦♂️
so basically, every once in a while, a genius comes and somehow hacks Hypixel. they found out they asked about it sometimes they tell, sometimes they don't and at the end they fix all and ban / wipe / punish the hackers. crazy stuff but bro has brains
@@ItzYotamGamingYT misconfigured ports/machines are very very common and its honestly amazing the internet still functions with how poor the security is on most systems
@@ItzYotamGamingYT usually you have to look through logs to figure out what happened when its malicious as people dont really like to share that and make themselves public when theyre bad. But yea in cases like this and in good cases its awesome to have stuff directly from the hacker, glad you found cybersecurity interesting have a good day bro :]
As someone with extensive experience in system administration and Spigot plugin development, I think that this was a nice explanation of the exploit. However, I have one correction to make: Velocity is NOT a fork of Bungeecord, but an independent project serving as an alternative to PaperMC's now discontinued "Waterfall" Bungeecord fork that aims for higher performance and security
Random comment but me and my friend are currently taking a Cyber Security class studying for the SC-900. Your explanation of the encryption system genuinely taught us better than our teacher. Hope to see more of this kind of content, maybe your explanations will help us pass the SC.
Hypixel's lucky this wasn't a malicious hacker, in this guy's position I'd start Mass-Banning Hypixel moderators on the spot because I find their staff team corrupt as hell
@@Snoozzei Yes. They will ban based on personal bias, such as flagging a Soviet Flag "Inappropriate" in build battle, despite it, to my knowledge, not being considered an offensive symbol (And making stupid unrelated things to the theme isn't against any rules). I stopped playing Hypixel years ago for various reasons, some unrelated to the server itself, and can't say I'll miss too much about it. I liked build battle and Farm Hunt and maybe sometimes come back to visit it but with the generation of the Skibidi Bedrock children upon us and the Java players outgrowing Minecraft, Hypixel definitely has an unpredictable future
Good video, only correction I'd make is for the public/private keys. The public key is used for encrypting values in transit to the private key holder, ensuring that only the intended recipient can decrypt it. The public key is never used for decryption in most systems as it negates the benefit of knowing that only the recipient can decrypt the message since anyone can obtain the public key. A good example of this is any secure web protocol. Both clients will generate their own private/public key pairs and then exchange public keys and use their private keys to decrypt incoming messages. On a side note, it's surprising that the hypixel instances were left exposed on the web in the first place. If traffic is only meant to be routed through the reverse proxy, then what's the point in leaving them exposed on the open web? Some clever tricks with VLANs would've meant that scanning for the server would've been ineffective.
@@_thomas try to actually dm the marketing representatives of certain companies that are close to the content you offer and offer them a sponsorship, this is a way to get recognized faster and it'll help you get sponsorships easier and have them as your clients.
im impressed, never saw this channel and having "minecraft/hypixel" and "hacked" in a video title doesnt sound promising (theres too many fake "i griefed server XY" or "i hacked server XY" on this plattform). but im really surprised, this is a really informative video and im glad i stumbled over it. thanks for taking your time to educate us 👍
I like the way you explained all of this. I work with servers, and IPs, ports, proxies, firewalls and backend servers are something I deal with on a daily basis, but took me a long time to understand when I started. Would have loved to have your video back then.
Very well done explanations! Just finished a proxy system for my server, and I had to learn everything you explained so will by myself. If only I had these videos a week earlier!
first video i ever watched from you- i put this on for background noise and slight bit of entertainment as i ate a bowl of cereal, praying that you wouldnt be a super quiet content creator that my eating would drown out... just to find out that you are very much not quiet and do your own subtitles.. based as hell, im def coming back here again lmao
Not gonna lie, this was such a good documentary. I'm surprised you only have 18.4k subs since your content is peak. Keep it up bro, earned another sub!
Actually most of the times there are no decryption. Usually this token check works like encrypting the data you gave us and checking if they both have same hash script. Since we have the hash on our database, we can compare them and check if they match
Genuinely informative and overall well made video! It's honestly surprising that Hypixel didn't have (an equivalent of) BungeeGuard for their servers. learning something new behind big servers haha
Wow I remember the players with level 5,000+ and had no idea this is what took place. I’m pretty sure hypixel covered it up at the time, claiming they abused some bug
damn that was well made video insane man also i remember when servers were running 1.8 bungeecord so simple to get to the server bypass authme and grief them i remember i had friend who was very insane in this stuff we griefed one german server like it was fun got bored quickly since nobody was there well anyways keep posting more vids il watch them if its like hypixel history related ;D
If you ever get bored of Minecraft videos, please make white hat hacking/computer science explanation videos. I already knew most of the stuff here, but I was surprised at how well it was explained here. I'd love to have such videos back when I was studying this.
As a IT student who learns about ethical hacking. This is actually extremely smart. People like this could become a pen tester and make big bank legally. It takes a lot of skill, experience and creativity to come up with stuff like this
Really well explained. I'm pretty familiar with pentesting and how that stuff works (I work with it and daily drive BlackArch and Qubes) and I love how you ELI5'd it so well so people can understand easily. That hacker was an absolute legend, found the backdoor and responsibly just said what it was so they could patch it, and didn't abuse it for his monetary gains. That's how we do it. Thanks for making this video, it was definitely a good watch. Definitely subscribed!
Bungeecord in this sense could be also called a load balancer. I guess reverse proxies are all load balancers if configured to do so. Side note: great video, wasnt expecting such s low subscriber count with this quality.
@@Timongcraft Exactly, there would be load balancing at DNS level (correct me if I'm wrong but I think multiple SRV records) which could point to a different bungeecord instance depending on 'priority' (I think) of the SRV records. I never had to do this, this is based off general system administration knowledge. Then each bungeecord instance works together to route the player across those mini servers.
That's crazy. As someone who has been doing server development and some pentesting myself over at least a decade now, I'm surprised as to how easy of an exploit went unnoticed for so long. I've actually done this before as a test on some smaller servers I worked on as well. Crazy dude. Edit: The fact that they were still using Legacy Bungeecord as well is insane.. but, it makes sense seeing that the server itself is really old and has thousands of players that still play today.
As per US laws, this almost certainly wouldn’t constitute hacking, because the “hacker” in this case never entered any kind of password or secret, and didn’t abuse known a software bug to bypass such authentication. Misconfiguring a server and giving someone access because you didn’t properly authenticate them is, in fact, not a violation of the computer fraud and abuse act.
The fact that you have to install a seperate plugin so the backend servers can validate the authenticity of the bungeecord server is insane. Like the whole authentication is handled by bungeecord. Applications like this should be secure by default.
really good vid and nice explanation. as a java dev myself i have a lot of experience in this and yeah i can say most of the things this guy said is true. There were too many ads tho...
As someone trying to get into cyber and tech these were great explanations of all the concepts involved I really loved the port scan metaphor in particular!
Hypixel having a max player count of 50k with an average of 30k people being on at any given time is really crazy to me. I started playing hypixel in 2015 and haven't been on since 2020. I was online when they hit the maximum connected players (555k at the time) record & sent out a server announcement through chat to thank everyone for playing. Very surprised that the new generation doesn't have much interest in playing multiplayer servers anymore.
well thats one long of a way to explain the bungeecord exploit... And the fact that this happened to hypixel is pretty interesting to me... Never knew that... But im gonna be honest and just say: you dont need an modified version of bungeecord to do this... You can just change the onlinemode to false and it has the same effect as the mentioned "modified version". Interesting video! Keep it up!
Here Before 25k! (Pls pin lol)
Same
Here as well!
me tooo
Hi centi (im already in ur Discord and im friends with u on discord)
Here before the children
Interestingly i once saw this as an opportunity to bypass the "login lobbies" of semi-premium servers but at the time (aroun 2018) i wasn't savy enough to know how to breach those defenses, this was a very good documentary...
how do semi-premium servers work? i'm interested because i currently have a cracked server and it has security issues
@@niicespiice Idk if it's these ones, but basically, through cracked clients you could just enter with a name you choose and then make a password if the name's not taken. If you were to be premium, logging in with your name if it's not already taken gives you the option to first make ur password and then "turn" your account into premium status, so once you log in you don't need to use ur password and such, usual premium login.
@@niicespiice fed
@@Shizkeb XD
@@niicespiice smei premium auto logs u in to the server without needing the /login command. if you have a premium mc account
I can't believe Hypixel made themselves vulnerable to the exploit that normally only occurs on all the 10yo kids first bungee networks.
it's because they thought that a firewall is enough, an error on the backend caused for the firewall to reset
@@adrian-pr4tn in this case it would be enough if it wasn't reset
@@adrian-pr4tnThat's why you don't only have 1 layer
@@Timongcraft i'm just explaining
@@Timongcraft If they have more than one, that would lead to more lag for the server (and you know they are already horrible)
As a server owner, and developer for MC Mods/Plugins you did an amazing job explaining all of the systems talked about in this video! Great video for those who want to learn about the basics of Bungeecord security & networking works as well!
I also loved the small jab at Eclipse LMAO 11:28
intellij my beloved ❤️
True I am a cyber security student and he explained the Asymmetric authentication part really really well
Yeah I don’t know how anything works and this video honestly helped me understand how all this works, this also explains why once I got a warning by bungee cord and no one explained what the hell it was
Yea i also known that why bungecord can only connect to different server
To be fair, its a good thing he disclosed said method which this guy could be considered a Grey hat hacker, since he didn't do it with permission, but seeing as he helped the admins and devs, well - he technically got away. I would prefer to use a White hat method, but obviously I would only use "burner" accounts (with permission) and tell the admins about such. This is part of cybersecurity, and can be known as other names, especially ethical hacking. Although some countries deem it as a grey area, it is what it is.
He also stole discord accounts so I am thinking they only disclosed the exploit to reduce their punishment, more black hat with the hypixel instance itself being grey.
@@mrdragonboi why are you trying your hardest to sound "cool" and "knowledgable". "gReY hAt" "wHiTe HaT aPpRoAcH" "eTHiCaL hAcKiNg"...? Cringe NPC go back to playing games and doing homework 💀 No one that honestly knows whats up talks like that 🤦♂️
@@andrewkvk1707 Yeah fair point
man just put the fries in the bag
@@MrMauio Alright then
so basically, every once in a while, a genius comes and somehow hacks Hypixel.
they found out
they asked about it
sometimes they tell, sometimes they don't
and at the end they fix all and ban / wipe / punish the hackers.
crazy stuff but bro has brains
this exploit existed since forever, hypixel was only so unlucky for one of their firewalls to die and allow connections
@@ItzYotamGamingYT misconfigured ports/machines are very very common and its honestly amazing the internet still functions with how poor the security is on most systems
@@DreadHalfling9 well yes but my point is someone finds an exploit, abuses it and then tells it, it's a cycle
@@ItzYotamGamingYT usually you have to look through logs to figure out what happened when its malicious as people dont really like to share that and make themselves public when theyre bad. But yea in cases like this and in good cases its awesome to have stuff directly from the hacker, glad you found cybersecurity interesting have a good day bro :]
@@DreadHalfling9 alright, and thanks you too 👍
As someone with extensive experience in system administration and Spigot plugin development, I think that this was a nice explanation of the exploit. However, I have one correction to make: Velocity is NOT a fork of Bungeecord, but an independent project serving as an alternative to PaperMC's now discontinued "Waterfall" Bungeecord fork that aims for higher performance and security
I thought Velocity is the discontinued fork and Waterfall was the independent one made from scratch
@@Kristibek Nope, it's the other way around. Velocity is more modern and the only proxy the PaperMC team is maintaining at the moment
this is correct
(kinda embarrassing since I was building plugins for both 4 years ago)
8:28 A needle in a haystack in a field of haystacks.
WHY IS NOBODY TALKING ABOUT HOW ON THE MAP IN THE INTRO NZ IS JUST ROTATED UK 😭
HAHAHAHA CONGRATULATIONS you are the first person to notice
@@_thomas Why is Africa gone?
what happend to italy…
@@_thomasI noticed straight away and was confused, It's where I live aswell 😂😂
Random comment but me and my friend are currently taking a Cyber Security class studying for the SC-900. Your explanation of the encryption system genuinely taught us better than our teacher. Hope to see more of this kind of content, maybe your explanations will help us pass the SC.
i LOVE how you explained this, its not even hard to understand with your visual examples
How da hell im i subscribed
I think you hacked me
@@xfsdark bro is it me at the thumbnail
@@aathifshadow6549
hmm , don't copyright him then
@@xfsdark I won't do it
1:51 "Your latest 2 week Minecraft phase?" He knows us good xD
@@TheWin9User Came here to say this too lmao, too accurate
I came to watch how one guy hacked Hypixel but learned the whole computer science, wtf! Amazing video dude, immediately liked and subbed!
@@Bilge-ko5qp I decided to watch it 3 times cause I didn't expect to learn it either! Gonna be saving it to keep my mind refreshed about it
@@teraba1696 exactly, it's clean as water and teaches this topic very effectively, amazing!
Hypixel's lucky this wasn't a malicious hacker, in this guy's position I'd start Mass-Banning Hypixel moderators on the spot because I find their staff team corrupt as hell
on god. there system sucks too. i've been banned for like 7 years for something i did when i didn't know any better i was like 16 then
@@Snoozzei Yes. They will ban based on personal bias, such as flagging a Soviet Flag "Inappropriate" in build battle, despite it, to my knowledge, not being considered an offensive symbol (And making stupid unrelated things to the theme isn't against any rules). I stopped playing Hypixel years ago for various reasons, some unrelated to the server itself, and can't say I'll miss too much about it. I liked build battle and Farm Hunt and maybe sometimes come back to visit it but with the generation of the Skibidi Bedrock children upon us and the Java players outgrowing Minecraft, Hypixel definitely has an unpredictable future
Same with fakepixel network
15:03 hmm i guess I can start hacking now
Я тоже (me too)
@@mrcavas and me, конечно же)
And meeee my mom going buy me vape v4 ghost client IM going hack and get revenge who people who bully steve andnplayers and me BHAHAHHAHA
Good video, only correction I'd make is for the public/private keys. The public key is used for encrypting values in transit to the private key holder, ensuring that only the intended recipient can decrypt it. The public key is never used for decryption in most systems as it negates the benefit of knowing that only the recipient can decrypt the message since anyone can obtain the public key.
A good example of this is any secure web protocol. Both clients will generate their own private/public key pairs and then exchange public keys and use their private keys to decrypt incoming messages.
On a side note, it's surprising that the hypixel instances were left exposed on the web in the first place. If traffic is only meant to be routed through the reverse proxy, then what's the point in leaving them exposed on the open web? Some clever tricks with VLANs would've meant that scanning for the server would've been ineffective.
insane quality and attention to detail from an underrated channel
5:49 Ithlught that was gonna be a sponsorship lol
man i WISH
@@_thomas try to actually dm the marketing representatives of certain companies that are close to the content you offer and offer them a sponsorship, this is a way to get recognized faster and it'll help you get sponsorships easier and have them as your clients.
im impressed, never saw this channel and having "minecraft/hypixel" and "hacked" in a video title doesnt sound promising (theres too many fake "i griefed server XY" or "i hacked server XY" on this plattform). but im really surprised, this is a really informative video and im glad i stumbled over it. thanks for taking your time to educate us 👍
I like the way you explained all of this. I work with servers, and IPs, ports, proxies, firewalls and backend servers are something I deal with on a daily basis, but took me a long time to understand when I started.
Would have loved to have your video back then.
amazing video- great balance of technical detail and accessibility to everyone. Keep up the great work!
Very well done explanations! Just finished a proxy system for my server, and I had to learn everything you explained so will by myself. If only I had these videos a week earlier!
@@infinite_bed damn! if only I had posted this video more than a week ago... 😔
I've learned more Cybersecurity concepts in this video than my own college course back in the day. I love this video.
You did a fantastic job at describing all the server security feature then some of my professors lol
15:04 Being a government hacker on you're goverment's side is a job.
Goated video
first video i ever watched from you- i put this on for background noise and slight bit of entertainment as i ate a bowl of cereal, praying that you wouldnt be a super quiet content creator that my eating would drown out... just to find out that you are very much not quiet and do your own subtitles.. based as hell, im def coming back here again lmao
Not gonna lie, this was such a good documentary. I'm surprised you only have 18.4k subs since your content is peak. Keep it up bro, earned another sub!
i love how you so effortlessly explained asymmetric encryption in 3 minutes better than my computer science teacher did in an hour
Great job explaining concepts of server scaning in simple terms!
Crazy good explanations / editing in PERFECT pace 😍✨💅😮💨
It's wild that you kept my attention while describing how logins work
Actually most of the times there are no decryption. Usually this token check works like encrypting the data you gave us and checking if they both have same hash script. Since we have the hash on our database, we can compare them and check if they match
This is a really good video, i love the editing
well, that's why port plus cidr scanning is so important
loved the video, really well explained.
here before 25k! Great video bro!
Nice informative video on internet security and technology! Well done.
as someone tryna get into cybersecurity and also love minecraft, this was the best video i have ever seen
1:14 wow tysm for this free cats clip
Amazing representation for ports, i've always explained it to my friends as doors to a house but this was a nice well made video for sure. subbed.
I learned more cybersecurity in this video then my actual class- IN 15 MINUTES.
Genuinely informative and overall well made video! It's honestly surprising that Hypixel didn't have (an equivalent of) BungeeGuard for their servers. learning something new behind big servers haha
Very good vid, story telling and explaining. Enjoyed watching it through, keep it up!
Wow I remember the players with level 5,000+ and had no idea this is what took place. I’m pretty sure hypixel covered it up at the time, claiming they abused some bug
Well, you've earned a sub! Made me a little more interested in hacks since my microsoft account just got hacked... good job on the explaination!
damn that was well made video insane man also i remember when servers were running 1.8 bungeecord so simple to get to the server bypass authme and grief them i remember i had friend who was very insane in this stuff we griefed one german server like it was fun got bored quickly since nobody was there well anyways keep posting more vids il watch them if its like hypixel history related ;D
this is an incredible video man, editing and info wise, loving it! you just gained a new sub
If you ever get bored of Minecraft videos, please make white hat hacking/computer science explanation videos. I already knew most of the stuff here, but I was surprised at how well it was explained here. I'd love to have such videos back when I was studying this.
As a IT student who learns about ethical hacking. This is actually extremely smart. People like this could become a pen tester and make big bank legally. It takes a lot of skill, experience and creativity to come up with stuff like this
Great video, very good explanation of ports ( towns ).
In just 2 hours There is already someone who archived it In Way back machine This video Is really Great.
Techy people like stuff like this and theyre usually the ones who use wayback :)
@@DreadHalfling9 Yes sadly The video Is not Registered.
Good vidéo ! Continue like this !
i actually love this editing style so fucking much
I love the way you explained things in the video, I actually understood something for once
11:48 damn... all the evil hacker wanted was friends all along 😔
Bro the way you explain things is crazy good
Very very Underrated Video, keep up the good work. Rn the video is at 52,288 view, and I wont be surprised if it hit 2-3 mill.
The port explanation was amazing!
Hacked the subscribe button just for you. Interesting video, thanks for putting in all the effort to bring it to us!
Really well explained. I'm pretty familiar with pentesting and how that stuff works (I work with it and daily drive BlackArch and Qubes) and I love how you ELI5'd it so well so people can understand easily. That hacker was an absolute legend, found the backdoor and responsibly just said what it was so they could patch it, and didn't abuse it for his monetary gains. That's how we do it. Thanks for making this video, it was definitely a good watch. Definitely subscribed!
Good video, love the networking lessons
Bungeecord in this sense could be also called a load balancer. I guess reverse proxies are all load balancers if configured to do so.
Side note: great video, wasnt expecting such s low subscriber count with this quality.
Nah, you have load balancing on top, one BungeeCord instance isn't enought and also if that would fail it would be catastrophic
@@Timongcraft Exactly, there would be load balancing at DNS level (correct me if I'm wrong but I think multiple SRV records) which could point to a different bungeecord instance depending on 'priority' (I think) of the SRV records.
I never had to do this, this is based off general system administration knowledge.
Then each bungeecord instance works together to route the player across those mini servers.
@@DataDerp Ig and they probably either have Bungee in Bungee or some other proxy like HA Proxy too after that.
You explained all concepts very well!
Bro is so underrated. I learnt more from this than in computing class.
Awesome video, love your explanations and editing :)
That's crazy. As someone who has been doing server development and some pentesting myself over at least a decade now, I'm surprised as to how easy of an exploit went unnoticed for so long. I've actually done this before as a test on some smaller servers I worked on as well. Crazy dude.
Edit: The fact that they were still using Legacy Bungeecord as well is insane.. but, it makes sense seeing that the server itself is really old and has thousands of players that still play today.
2:57 = NERD ALERT
As per US laws, this almost certainly wouldn’t constitute hacking, because the “hacker” in this case never entered any kind of password or secret, and didn’t abuse known a software bug to bypass such authentication. Misconfiguring a server and giving someone access because you didn’t properly authenticate them is, in fact, not a violation of the computer fraud and abuse act.
"Cybersecurity professionals need to win every time, attackers need to win only once."
ah yes, hack the subscribe button
The subscribe button: javascript:void(0)
AMAZING VIDEO THOMAS
The fact that you have to install a seperate plugin so the backend servers can validate the authenticity of the bungeecord server is insane. Like the whole authentication is handled by bungeecord. Applications like this should be secure by default.
why can't teachers explain tokens that well?? you are the best teacher of those things!
really good vid and nice explanation. as a java dev myself i have a lot of experience in this and yeah i can say most of the things this guy said is true. There were too many ads tho...
peak content, you're so underrated
As someone trying to get into cyber and tech these were great explanations of all the concepts involved I really loved the port scan metaphor in particular!
that's probably the best metaphor for what a proxy is, cheers
What a great video, I'm a tech teacher and the explanations were so good on this for me!
i like the way u explained things, awesome video 10/10 will subscribe
Love your style of videos. ❤
Really didn’t think I’d see Thomas on my fyp haven’t seen anything since tfm
Great job explaining all the terminologies !!!
Great video! Underrated channel
Why ur so professional bro wow this is next level bro 👏🏻
moyang
Yangmo
agmnoy
gnaymo
Who unpinned this man.
moyang!
Hypixel having a max player count of 50k with an average of 30k people being on at any given time is really crazy to me. I started playing hypixel in 2015 and haven't been on since 2020. I was online when they hit the maximum connected players (555k at the time) record & sent out a server announcement through chat to thank everyone for playing. Very surprised that the new generation doesn't have much interest in playing multiplayer servers anymore.
well thats one long of a way to explain the bungeecord exploit... And the fact that this happened to hypixel is pretty interesting to me... Never knew that... But im gonna be honest and just say: you dont need an modified version of bungeecord to do this... You can just change the onlinemode to false and it has the same effect as the mentioned "modified version". Interesting video! Keep it up!
That hacker totally deserved keeping the creative mind 🤣
I LOVE YOUR EXPLAINATION FOR AUTH TOKENS
phenomenal visuals did not expect that
You're so underrated!
Great explanation
Amazing video and nice explanations
"security is not a process, it's a state until you got pwned"
this was a great video, you've earned a view
taught me about asymmetric encryption better than my cybersecurity class 💀
Yet another great video from Thomas
it's crazy how ONE MAN hacked hypixel man.. not an alien or a god, just one man. 👽
i remember doing this same exploit on some smaller servers, i didn't think hypixel would have ever had this issue considering how large they are.
It actually used to be possible to steal someone's key just by having them join your fake server. Had some fun with that back in the day O7