BetterPHP

This kid tried to gain OP access to my server with some basic social engineering . It failed, and I thought it was funny so I guess I'll post it here

I won't tell you how it works, because I don't know. But there are so many people that think they can get OP on my small, peaceful, little server by giving out an IP/DNS for an admin (with OP permissions, but not OP themselves) to connect to.
Apparently this has been removed since the new versions of Bukkit, but people still try.

It did happen once to me, won't name names... (chappro, cakespam, veraldz)
but I banned them and got over it, you know, as you have to.

So anyway, here is a bit of a guide to help you out a bit.

Just a notice, this IS NOT the people that managed to hack me before, this is recent. (Plus I lost the logs for chappro etc)

Oh, and I wasn't even online when this happened. One of teh best admins in the world was dealing with this guy (5rovert is amazing)

Obviously don't go on the server this guy was advertising, its clearly a ForceOP server. (btw, it has to have the server IP or DNS it wants to ForceOP on, so it'll be safe, you just won't be able to connect)


GUILTY LEVEL 1:

Checking if there efforts will go to plan, they need somebody to actually have OP permissions.



GUILTY LEVEL 2:

The bait, they need to work up some anger or outrage.



GUILTY LEVEL 3:

The DNS/IP to connect to is revealed, and a bit more rage. (I don't allow click-able chat links)



GUILTY LEVEL 4:

Some backup to his story, and a bit of 'lol' to make him/her seem friendly.



GUILTY LEVEL 5:

A bit of urgency now, getting impatient. This is the point where you can act like a total jerk and ask stupid questions, like "whats the IP?". You know, have a bit of fun


(NOTE: mc.stratuscraft.net is my old DNS, not the ForceOP server)

GUILTY LEVEL 6:

Just seriously 'out there'... Nobody believes this guy now, but I'll keep going, just in case...



GUILTY LEVEL 7:

Practically this guy is crying on his keyboard now, but its still fun to mess with him. For larger servers, you should have banned by guilty level 3, or the time he/she advertised the IP.


*Banned mid-scentence*

I won't tell you who this was.. But just note if you right click on one of the images and view image URL (whatever) you MAY or MAY not see the username

I hope this helps you stay safe from those nasty players

Urgh, I hate these people. Although they can be quite amusing sometimes.

I made a point of not joining any server that anyone tells me in game until this bug is fixed.

It's actually a man in the middle attack, the way the Minecraft server joining works is

1. Server generates a random number knows as the server id (different for every join)
2. Client tries to join the server
3. Server sends it's random ID to the client
4. Client sends the ID to minecraft.net
5. Server asks minecraft.net if the player can join the server (if the client sent the right ID basically)
6. Client joins

And the way the mitm works

1. Target server generates a random number knows as the server id (different for every join)
2. Client tries to join the attackers server
3. Attackers server poses as a client and tries to join the target server to get the server ID
4. Attackers server sends the target server's ID to the client
5. Client sends the target server ID to minecraft.net
6. Attackers server lets them join without the minecraft.net check
7. Client joins
8. Attackers server continues the join process to the target server
9. Target server thinks the attackers server is the client because it sent the server ID and lets it join
10. Attackers server sends the chat packet "/op <bad_guy>" and leaves

Simple

Fairly amusing

However, I'm more interested in your signature! That's awesome!!

EcazS wrote:However, I'm more interested in your signature!

My signature?
The source code is below, but I mashed it all up into one line :/ (Its quite messy)

<? srand((double)microtime()*1000000);define("IMAGE_WIDTH",450);define("IMAGE_HEIGHT",24);define("MAX_LINE_WIDTH",10);define("COLOR_DEVIATION",18);$img = imagecreate(IMAGE_WIDTH,IMAGE_HEIGHT);$lr = $lg = $lb = 127;function cmax($x) {if ($x > 255) { return 255; }elseif ($x < 0) { return 0; }else { return $x; } }function ncolor($x) {return rand($x - COLOR_DEVIATION, $x + COLOR_DEVIATION); }while($p < IMAGE_WIDTH) {$linecolor = imagecolorallocate($img,$cr = cmax(ncolor($lr)),$cg = cmax(ncolor($lg)),$cb = cmax(ncolor($lb)));$linewidth = rand(1,MAX_LINE_WIDTH);imagefilledrectangle($img,$p,0,$p+$linewidth,IMAGE_HEIGHT,$linecolor);$p = $p + $linewidth;$lr = $cr;$lg = $cg;$lb = $cb;}header("Content-type:image/png");imagepng($img);?>

Hehe, I just played around in Komodo for around 4 hours, using the auto-complete thing

Jacek, you'll have to change it slightly to get it to do it.

Add a uniqid() in there too, and it will change abit more

Like

(int) md5(uniqid())

Will get a random string of numbers.

bowersbros wrote:Jacek, you'll have to change it slightly to get it to do it.

Get it to do what

This ?

jacek wrote:

bowersbros wrote:Jacek, you'll have to change it slightly to get it to do it.

Get it to do what

This ?

[lotta images]

Yep