The Story of Minecraft's Most DANGEROUS Exploits - ForceOP's
Вставка
- Опубліковано 13 чер 2024
- One of the most powerful types of minecraft exploits, also happens to be its rarest. Today we'll talk about some of the very few minecraft forceOP exploits that have actually existed.
My Patreon (exclusive censored content, worlds and plugins) - / themisterepic
--------------------------------------------------------------------
Want to run your own minecraft server with friends or a community?
Get a 25% discount on hosting with code "Epic"!
shockbyte.com/partner/themist...
--------------------------------------------------------------------
Huge thanks to Gildfesh for helping me out with some of the obscure exploits I mentioned in this video!
iCanHasGrief - • HOW TO become Admin on...
Nodus Session Stealer - • Nodus: Session Stealer...
• Nodus - SessionStealer...
Team Avolition Authentication Exploit - gist.github.com/ajvpot/3115176
Other Minecraft Authentication Exploit - github.com/nerdsinspace/leaky...
Thanks for watching! Subscribe and Join My Discord!
Discord - / discord
Twitter - / themisterepicyt
Twitch - / themisterepicyt
Join my OG Minecraft Server, The OG Network! (1.8-1.20): og-network.net
- Website: og-network.net
- Discord: / discord
0:00 - Intro
0:54 - The First Minecraft ForceOP Exploit
3:04 - The Nodus Session Stealer
5:49 - Ajvpot Account Authentication Exploits
8:17 - Bungee Spoofing
11:15 - The Handshake Exploit
12:55 - Sign, Command Block and Book ForceOPs
15:12 - Vulcan ForceOP
17:04 - Log4j
Music Used:
1. First Blood - The Dota 2 Official Soundtrack
2. C418 - Strad
3. nyoko - Flowing Into The Darkness
4. Scott Buckley - Inbound
5. DBadge - Drop ( • Beats You Can Only Lis... )
6. Scott Buckley - Decoherence
7. Lena Raine - Rubedo
If there is any content in this video which you own and would like removed, than please contact me and I will be happy to oblige.
#minecraft #minecraftexploit #minecraftserver - Ігри
Make sure to subscribe, and check out my patreon for exclusive content!
www.patreon.com/TheMisterEpic
Can you talk about pojav lancher in mobile 📱 and its java edition and if you buyed the game you can play in hypixel and for mods you need to put them in tge mods folder and you can download directly forge or fabric in any version
Amazing video man ❤ thank you for taking the time outa your day to make this for us you don't get enough credit
Also take a break you need it dude
@TheMisterEpic
do you know authmebridge exploit?
Minecraft has more vulnerabilities than I have chromosomes
bro 💀
Lol
more than one?
7
Lol@@TheMisterEpic
This is not just Minecraft's most powerful vulnerabilities, it is one of THE worlds most powerful vulnerability (CVSS of 9.8). A remote attacker can execute arbitrary code via the log4j component, and since it is an exploit in the logger, no one would be able to see if an atracker had gained entry.
not a direct Minecraft exploit
I wonder if it is possible to use renamed chests to access other GUIs, like P2W crate rewards.
i love how the reddit post asking about the handshake exploit has a troll comment and a reply getting mad at them
The Log4j exploit (called Log4shell) was given a 10.0 severity rating on the CVE scale. The Log4J exploit ranked among the most severe vulnerabilities in software in the history of software. It sits on the throne alongside EternalBlue (which spawned Ransomware as we know it), Remote Code Execution in email servers for governments, and why the protocol FTP isn't even used anymore. It spawned a furious hellfire of system administrators patching their environments at a speed and urgency not even paced by Y2K.
Yeah, it was pretty much the most severe vulnerability, and that was given the sheer scale of the library. Scale of the library isn't defined just by its program size, but also the usage. And it was EVERYWHERE. This vulnerability quite literally affected the whole Internet. That's why there was such a big fuss about it.
I remember hearing that later versions of Java aren't susceptible to the RCE part of the exploit.
and itsonly the XZ backdoor that is the other 10.0 CVE i know of. log4j was crazy
and itsonly the XZ backdoor that is the other 10.0 CVE i know of. log4j was crazy
Wait, we don't use FTP anymore?
It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions
It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions
@@Theunicorn2012 It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions
It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions
@@BloodravenRivers way to break the comment chain loser
@@BloodravenRiversIt should be noted that the people here were doing something called a chain, and you just broke that said chain.
Using log4j to op yourself is up there with using a flamethrower to light a campfire.
More like on the tier of using the Tsar bomba to light a match. With Log4Shell one can directly take over the user account the Java application runs on, if that account has admin / root priviliges or there is a viable privilige escalation exploit available then the computer is basically fucked, especially if stuff like bios level advanced persistent threat is used (if the computer is not a VM that is). If the computer has credentials then even more can be compromised. Automate that process and you got a self-replicating botnet. Remote Code Execution exploits are no joke.
I can't believe that they used that fkin enormous power to gain only the coords and tokens oof
I'm so glad the handshake exploit was finally explained, I was always curious about Minecraft change logs and that reddit thread never got anywhere.
8:52 quick correction: BungeeCord is a proxy/server software, not a standalone plugin.
blud really said "erm actually... 🤓☝"
@@flipflops99blud really said "I'm 12 and project my insecurities online"
UHGMMMM ACHUTTTTTTLLLYYYY 🤓🤓🤓🤓
@@flooploops4589 honestly I'm laughing at how insecure and immature you are.
Eeerm ACKtuallY ☝🏻🤓
A lot of new servers use velocity as bungecord is outdated and unsafe
Wait til bungeeguard/velocity modern forwarding bypass 😂😂😂 (its impossible without brute force)
That Gildfesh guy seems pretty cool
Godflesh is good band
hmmm
I love how he is subscribed to Team Avo 6:06
Ah Scetch and Nodus. Was good times running around with him. That Session ID exploit was wild times.
Ah Scetch and Nodus. Was good times running around with him. That Session ID exploit was wild times.
@@Theunicorn2012 bad bot
i used to grief servers with the bungeecord exploit, me and a group of friends wrote a plugin that would act as the "hub" that would allow us to join the affected sub-server directly from the game with a command, change the name/ip that we were joining with, and a couple other things that i've forgotten now
we were probably the first or second group of people to use it, fun times :)
grabbing some popcorn, anyone want some?
I’ll take some 🍿
Sure, some tasty popcorn would be nice rn
@@ReimBuch here ya go!
blackwater park is the new minecraft hacked client featuring guest member steve von from Asperger's co. It's very shï sàh lō
thx for reminding me
I wouldn’t be surprised if there is a new forceop method with the new components replacing nbt data in 1.20.5+.
There is always at least one exploit but not discovered yet. Sometimes it takes a lot of time and some programs or Minecraft versions are just not worth it. I mean you can find something in 1.2.5 but I wouldn't be worth it if that's only that version because something was removed for example... Creating non-vulnerable data is almost impossible to do task
@@lisiasty688 I mean the new snapshots for 1.20.5 and 1.21 not the old version 1.2.5
I accidentally leaked my session id from a crash report for a sodium bug in 2023. So apparently Mojang didn’t fix the crash reports having the session ids.
Sharing sensible files with outside people isnt something they need to fix. Just dont share files like that with randoms
I accidentally leaked my session id from a crash report for a sodium bug in 2024. So apparently Mojang didn’t fix the crash reports having the session ids.
@@Theunicorn2012 Because thats not an mistake. Crash reports are supposed to have this kind of data. You are just not supposed to share files and logs without checking what they do/contain with randoms on the web.
Don't the session IDs expire when you exit the client?
@@roughlyunderscore they expire after 2 weeks
I'm the kinda guy to watch 17min videos before going to work in 5 minutes
im surprised the 'i work for planetminecraft' line ever worked. no admin from another website ever deserves admin on ur server. its that simple.
It’s why people are the weakest link in security
but considering none of us were cybersecurity nerds all they were thinking is.. "maybe if i give him op he will recommend my server more!!"
@@LimitlessJayson you dont need to be a cybersecurity nerd to understand that you dont give operator status to a random.... do u hand your password over to anyone that asks for it? braincells people.... use them?
@@LimitlessJayson also no one is going to recommend servers for you, that costs money and its something people dont realise. you either struggle up the normie voting lists or your server gets spread by word of mouth or reddit or planetminecraft. there is no easy quick way to get your server to 'make it'
@@Ninjalette666 this was 10 years ago that this stuff happened why are you speaking to me like I'm retarded
your videos are always my go to night watch content
back then, I believed someone was actually Notch on a server because they were able to appear as his account. Things were just different back then.
Did he drop an apple when killed?
@@theschnozzler probably
Maybe he was Notch.
The biggest exploit is having UA-cam rank on hypixel...
...talking about you, no lag back
esp the second one, you can just climb up walls to escape from mobs and other players.
Bagels are kinda hard
mods can't even ban you for this overpowered exploit smh
lf yt rank no wd routes
Hello. I'm from PlanetMinecraft. Can I please become moderator on your UA-cam channel to test some permissions?
Obv
The Handshake exploit brought back some memories. I remember seeing it posted and taking the risk of downloading it as people thought it was a login stealer. You could literally join any server with any username without any problem. Assumed it was more known.
I literally had the book method done to my server last year, great vid
How are you making videos so fast!?! Love your videos ♥, its great that you've been getting much more active recently!!! I know I've already said this but , I like the vibe that your videos give me , high quality , nice and relaxing videos. Also , what do you use to edit your videos? 🤔
The Log4j vulnerability was actually FAR WORSE than just being a technique to gain an OP on a server. The vulnerability is dubbed Log4shell, and it is what it is. Being it that the library is widely used across the Internet in many popular Java apps and in many industry environments, the vulnerability that gives you an ability to remotely execute any arbitrary code (it is an RCE vulnerability), exploiting it is far more dangerous than just a silly Minecraft hack. Hackers were able to penetrate powerplants for example with this simple exploit. It's actually really scary that this vulnerability was found, and we still have no idea how much and how long it was exploited in the wild. Because the vulnerability was there for quite some time before it was discovered. It is patched now, but god knows how many machines were not only exposed with this vulnerability, but also actively exploited and penetrated. It's not just a silly Minecraft hack, that was a VERY serious deal.
2b2t players being traumatized by the string on the thumbnail
Why
@@Stormie21i think is goddamn log4j
@@nikolaideianov5092 oh
Let’s gooo, the mister epic upload ! 🐐
I feel like I’ve watched this before…
I don’t know why, but I feel like I’ve watched this before
Same lol.
J cole comes out as a trans billy eilish
Lōl
Removed?
@@MD-df7ifno it was bungee corded into outer millenials are soacey hahaha Tool reference
ironicly the only one of these i have heard of was the log4j and the handshake I had no idea there is little info about it
when its sunday and you remember you have to go to school tomorrow but misterepic uploads
8:18 this segment sounds like you spitting bars lmao
i've made a couple of force ops for fun, the type that is a spawn egg that just summons and runs a armor stand that has /op {my_name} on it, ofc, it doesn't work if command blocks are off, but they're quite fun to make
From experience from writing my own game, race conditions (talked about at 12:32) probably took away 2 months of debugging, they're a nightmare to debug.
I commented about this in the last video so thanks for mentioning it
FINALLY the op login to any acc released. I've been wondering how it was done
In 2013 I was the co-owner/admin for a server of a friend. There was another admin that had way too many permissions but I couldn't do anything about it because it was the owners decision, that admin fell for the planetminecraft scam. When I saw it happening in the console I deopped both the admin and the griefer and rolled everything back with coreprotect. Teached the admin a lesson through server broadcast lmao
This was posted 7 minutes ago, gonna watch it now
7 days ago now
I think we need more info on that last Java security vulnerability… it sounded wild and very interesting
There is actually a lot of information online if you look up "Log4Shell", a lot of videos covering it even use Minecraft as the example. I really suggest looking it up if you are even slightly interested because it was insane.
Simply put, the tool that Minecraft uses to log things (such as crash reports) had a vulnerability in it which would allow someone to run any code they wanted if they could get a specific string of text into the logs of an affected program. Minecraft makes it easy to do this just by sending a chat message which meant that you could run any code you wanted on the computer of any connected player or even the server itself.
The exploit being in the most commonly used logging library meant lots of websites, servers and random programs were vulnerable to the exploit, it just happened that Minecraft was one of the things impacted.
You can find plenty of info about it online, as it was a huge security issue and had lots of real-world ramifications
3:00 I remember writing that over 8 years ago
LOL
This might give me nightmares, thanks
Its a good day when a new duping video lands on the internet
I force opped once into a big minecraft event, i got perm banned but it was crazy
Perfect timing, bedtime 👍🏻
This guy needs to make a movie of minecraft news would be so good 😂
I remember back on my brother's first attempt at running a server for his friends someone came in and destroyed the world with this exploit, Ender Dragons and Withers left and right. On his way out he turned on the whitelist as a parting gift and show my brother how to stop someone else from coming in to grief the world again.
Ive seen someones server get messed up by the bungee method because they didn't have the backends firewalled off. I had a good laugh from that.
Man i remember using Session Stealer. I was shocked when it worked
Felt like this was talked about before.
If you joined like hypixel with the handshake exploit, wuldnt you be invincible from the bans?
Yo what is the music you used in the timestamp 9:05 its so cool, i'd like to know the name of it. Please ??
i think the most substantial exploits arent the ones limited to the game but the ones taht give you privelages on the server backend or user machines
First plaied Minecraft somewhere near before beds where introduced, but not too long they where. I was like who should i suppose to fight all these monsters?
cuz u found this you dont have to milk it out along 3 vids.
TheMisterMilkMan
@TheMisterEpic Hm? I watched LifestealSMP some time before, and didn't spoke use the Handshake method to get OP on the server? Or was it just a similar glitch?
Oh man i remember that icanhasgrief video like yesterday!
Cool video!
(on the oldest anarchy server in Minecraft....)
Just call my name
Ωμ×∞∆››
14:04 i would love a video about creative plot worlds and their history/what happened
Its rare to find any of these servers today. i used to play alot in a brazilian server called SkyCraft, it was the most fun i had with multplayer
The history of ratting in Hypixel skyblock is insane
I was already wondering when a video about the log4j exploit would be released.
I remember using something similar to this back in the day 😅
How do you make the enchantment glint look like that please I need it
Force OPPA GANGNAM STYLE
yummy video sad there was no quesadillas
wait i just watched this video earlier today why reupload
Btw that not all force ops , u forgot about aka - plugin called backdoor:)
nice dota ost
9:37 how would I do this? Investigating this to fix my setup
Those are truly game breaking
21 minutes early lets go and the video is edited nice
What’s good nice video .
hold up now, u sped thru that last lil bit there about the command u could type that would give u op and control of a persons computer. idk i think it was log4j ik its probably very limited info on that particular method n probably less you could actually speak of on here, but of all the methods u described in these videos that very last one was very obscure, ive never heard about that one in it peaked my interest because something with that level of control to exert would be very dangerous exploit indeed, not just for servers, alot of these hacks and exploits most pertain to in game control, but one like that, just imagine u know we got old people running our countries u know their grandkids play minecraft how long before some anarchy player gets into REAL trouble for getting into the wrong computer
On Minecraft Wii U it's basically the average day to get someone to force op themselves.
No idea what this is but I'll watch you never the less :)
So how is your first youtube video a patreon exclusive?
The most recent force op exploit was fumbled by people who didn’t know the potential
I love the part where the mister epic force opped all over the place
i remember doing the book forceop it was fun sadly i got banned shortly after then every admin know about it they were just playing around and yep got ban :D it was still fun
Is this a reupload? I could have sworn that this video was already posted...
Anarchy players abusing vulnerabilities that could pose as a national threat, so they can steal someone’s base coords:
day 1 of asking TheMisterEpic to oil up
You have miniature testing ???
wait is this is a re-upload??
The Sign ForceOP was actually stolen by the Wurst Client developer, he was not the one to discover it.
A youtuber who i forgot the name of even made a video exposing the Wurst Client developer for blatantly copying his method, but i have never seen anybody talk about this or credit the original finder.
the mister epic videos
I remember ForceOP, destroyed one of my favourite servers
Damn, i used the sign exploit once aages ago
At least use the full version of Space Valk 3 if all you're going to do is get B-roll of it.
The incomplete version from years ago makes me sad : (
Space valk 3 is so hard to fully load
@@LowSkillMac He can clearly do it, and you can fully load stuff easily and render it silky smooth if you use replay mod.
isnt this a re-upload? i swear i've seen this video already
Not only was nodus the biggest hacked client of all time, it was so big it was synonymous with hacking
wait its been almost 3 years since log4j?? dam
What the fuck? You're joking right? That all felt like it was a few months ago. Wtf happened to my time perception...
@@Bedic-Magcovid fucked it
I was actualy friends with Diedae The owner of the server at 2:40 After that Grief he had a Mental breakdown and Changed his name and Stopped talking to all his original friends Because he thought that we got bought out by The griefers
14:59 hmmm that link looks familiar
but is this stronger than "imfromplanetminecraft exploit" tho
Hi mister epic
@TheMisterEpic can you make a duping toutorial.
Yet minecraft still want to stick to java...
ahh LOGJ4
well something like that