[Minecraft] How to know if somebody is trying to 'ForceOP'

Talk about anything in here.
Post Reply
User avatar
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

[Minecraft] How to know if somebody is trying to 'ForceOP'

Post by Helx »

This kid tried to gain OP access to my server with some basic social engineering . It failed, and I thought it was funny so I guess I'll post it here :)

I won't tell you how it works, because I don't know. But there are so many people that think they can get OP on my small, peaceful, little server by giving out an IP/DNS for an admin (with OP permissions, but not OP themselves) to connect to.
Apparently this has been removed since the new versions of Bukkit, but people still try.

It did happen once to me, won't name names... (chappro, cakespam, veraldz)
but I banned them and got over it, you know, as you have to.

So anyway, here is a bit of a guide to help you out a bit.

Just a notice, this IS NOT the people that managed to hack me before, this is recent. (Plus I lost the logs for chappro etc)

Oh, and I wasn't even online when this happened. One of teh best admins in the world was dealing with this guy (5rovert is amazing)

Obviously don't go on the server this guy was advertising, its clearly a ForceOP server. (btw, it has to have the server IP or DNS it wants to ForceOP on, so it'll be safe, you just won't be able to connect)


GUILTY LEVEL 1:

Checking if there efforts will go to plan, they need somebody to actually have OP permissions.

Image

GUILTY LEVEL 2:

The bait, they need to work up some anger or outrage.

Image

GUILTY LEVEL 3:

The DNS/IP to connect to is revealed, and a bit more rage. (I don't allow click-able chat links)

Image

GUILTY LEVEL 4:

Some backup to his story, and a bit of 'lol' to make him/her seem friendly.

Image

GUILTY LEVEL 5:

A bit of urgency now, getting impatient. This is the point where you can act like a total jerk and ask stupid questions, like "whats the IP?". You know, have a bit of fun ;)

Image
(NOTE: mc.stratuscraft.net is my old DNS, not the ForceOP server)

GUILTY LEVEL 6:

Just seriously 'out there'... Nobody believes this guy now, but I'll keep going, just in case...

Image

GUILTY LEVEL 7:

Practically this guy is crying on his keyboard now, but its still fun to mess with him. For larger servers, you should have banned by guilty level 3, or the time he/she advertised the IP.

Image
*Banned mid-scentence*

I won't tell you who this was.. But just note if you right click on one of the images and view image URL (whatever) you MAY or MAY not see the username :)

I hope this helps you stay safe from those nasty players :)
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by jacek »

Urgh, I hate these people. Although they can be quite amusing sometimes.

I made a point of not joining any server that anyone tells me in game until this bug is fixed.

It's actually a man in the middle attack, the way the Minecraft server joining works is
  1. Server generates a random number knows as the server id (different for every join)
  2. Client tries to join the server
  3. Server sends it's random ID to the client
  4. Client sends the ID to minecraft.net
  5. Server asks minecraft.net if the player can join the server (if the client sent the right ID basically)
  6. Client joins :)
And the way the mitm works
  1. Target server generates a random number knows as the server id (different for every join)
  2. Client tries to join the attackers server
  3. Attackers server poses as a client and tries to join the target server to get the server ID
  4. Attackers server sends the target server's ID to the client
  5. Client sends the target server ID to minecraft.net
  6. Attackers server lets them join without the minecraft.net check
  7. Client joins :?
  8. Attackers server continues the join process to the target server
  9. Target server thinks the attackers server is the client because it sent the server ID and lets it join
  10. Attackers server sends the chat packet "/op <bad_guy>" and leaves
Simple ;)
Image
User avatar
EcazS
Posts: 789
Joined: Fri May 06, 2011 5:29 pm

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by EcazS »

Fairly amusing :lol:

However, I'm more interested in your signature! That's awesome!! :shock:
User avatar
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by Helx »

EcazS wrote:However, I'm more interested in your signature!
My signature?
The source code is below, but I mashed it all up into one line :/ (Its quite messy)
<? srand((double)microtime()*1000000);define("IMAGE_WIDTH",450);define("IMAGE_HEIGHT",24);define("MAX_LINE_WIDTH",10);define("COLOR_DEVIATION",18);$img = imagecreate(IMAGE_WIDTH,IMAGE_HEIGHT);$lr = $lg = $lb = 127;function cmax($x) {if ($x > 255) { return 255; }elseif ($x < 0) { return 0; }else { return $x; } }function ncolor($x) {return rand($x - COLOR_DEVIATION, $x + COLOR_DEVIATION); }while($p < IMAGE_WIDTH) {$linecolor = imagecolorallocate($img,$cr = cmax(ncolor($lr)),$cg = cmax(ncolor($lg)),$cb = cmax(ncolor($lb)));$linewidth = rand(1,MAX_LINE_WIDTH);imagefilledrectangle($img,$p,0,$p+$linewidth,IMAGE_HEIGHT,$linecolor);$p = $p + $linewidth;$lr = $cr;$lg = $cg;$lb = $cb;}header("Content-type:image/png");imagepng($img);?>
Hehe, I just played around in Komodo for around 4 hours, using the auto-complete thing :)
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by jacek »

Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image

:D
Image
bowersbros
Posts: 534
Joined: Thu May 05, 2011 8:19 pm

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by bowersbros »

Jacek, you'll have to change it slightly to get it to do it.

Add a uniqid() in there too, and it will change abit more :)

Like

(int) md5(uniqid())

Will get a random string of numbers.
I don't like to brag, but I wasn't circumcised. I was circumnavigated. ;)

Want to learn something new? Or maybe reinforce what you already know? Or just help out? Please subscribe to my videos: http://goo.gl/58pN9
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by jacek »

bowersbros wrote:Jacek, you'll have to change it slightly to get it to do it.
Get it to do what :?

This ?

Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image
Image

:D
Image
bowersbros
Posts: 534
Joined: Thu May 05, 2011 8:19 pm

Re: [Minecraft] How to know if somebody is trying to 'ForceO

Post by bowersbros »

jacek wrote:
bowersbros wrote:Jacek, you'll have to change it slightly to get it to do it.
Get it to do what :?

This ?

[lotta images]

:D

Yep :P
I don't like to brag, but I wasn't circumcised. I was circumnavigated. ;)

Want to learn something new? Or maybe reinforce what you already know? Or just help out? Please subscribe to my videos: http://goo.gl/58pN9
Post Reply