Jump to content




Server hacked by Computercraft exploit or broken code?

help java networking

8 replies to this topic

#1 CCGrimHaxor

  • Members
  • 140 posts

Posted 17 June 2014 - 12:26 PM

Ok this is the second topic today. I have a problem or bug(or whatever it is). This "bug" allowes the person to access minecraft code modify it and hack the server remotly. Ok here is a explanation on how I found it: Well everyone knows I am a computercraft hacking geek so I decided what if I make a program to remotly access any server and take full control of a program. So I did that I was trying to well do the following:
  • Error computercraft code to go to console - FAIL
  • Drop out the bios and redirect it to direct console code - FAIL
  • Turtle paradox glitch(well known of CCHaxForums) got close crashed server though(alot explaining to do to the owner) - FAIL
  • Redirect all code through java into the console - FAIL
  • Java auto key presser? - FAIL
Finally though I tried to use the minecraft protocol to connect and handshake with a java program. Then it was a matter of redirecting everything through a packet listener so I can get CC responses and I got this wierd packet wich is actually for the screen. This packet is so if you and your friend are looking on the same screen in the computer you can see what he is typing. That is used by a java bind to Minecraft Server Protocol automaticlly added by forge. Ok so at that point I went awsome I have a binded program, I have captured packet and I have a packet modifier. So I just used the packet modifier to make a packet that will put a auto key presser on there. So after that all I did was automate the process by adding prgramming it into my binded java app. I turned on the CC pc because it needs that to run I turned on the java program and PWNED! Full unlimited access to the console through the CC pc.

Now I am pretty sure you aren't supposed to do that in computercraft. So any mods and admins can please explain? The program used for this exploit will not be released!

Details of what I use:
Java: 7
Computercraft: 1.61
Forge: 9.11.1.965
Server owner status: Wants to kill me.
Chance of working: 80%
Requirements: Same java, forge, computercraft version as the server is using!
My reaction to this: *faceplam*
Estimation time: 2min

Edited by CCGrimHaxor, 17 June 2014 - 02:35 PM.


#2 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 17 June 2014 - 12:53 PM

You're a bit of a head-scratcher - you say you're able to work out how to use a ComputerCraft system to access a MineCraft server console (at least, I guess that's the "console" you're talking about), but not how to use a named spoiler? Anything's possible, I suppose, but there's a bit of dissonance in the picture you're painting here...

Anyway, as you're aware, Dan would be the most appropriate person to direct your findings to. Most forum staff are not directly involved in ComputerCraft development - I don't know what you'd want them to "explain" to you about the matter?

#3 CCGrimHaxor

  • Members
  • 140 posts

Posted 17 June 2014 - 12:56 PM

View PostBomb Bloke, on 17 June 2014 - 12:53 PM, said:

You're a bit of a head-scratcher - you say you're able to work out how to use a ComputerCraft system to access a MineCraft server console (at least, I guess that's the "console" you're talking about), but not how to use a named spoiler? Anything's possible, I suppose, but there's a bit of dissonance in the picture you're painting here...

Anyway, as you're aware, Dan would be the most appropriate person to direct your findings to. Most forum staff are not directly involved in ComputerCraft development - I don't know what you'd want them to "explain" to you about the matter?

Any idea on how I can explain to him because I can't just go: yo dan I just hacked a server and crashed another server with computercraft and java
I don't recall it working like that...

#4 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 17 June 2014 - 01:00 PM

I don't see why not. I mean, obviously you'd provide him with some of the modified packets you're sending as well, along with the software you used to generate them, and perhaps some screenshots of the results; I'm sure if he needs anything more specific than that, he'll ask.

#5 CCGrimHaxor

  • Members
  • 140 posts

Posted 17 June 2014 - 01:10 PM

View PostBomb Bloke, on 17 June 2014 - 01:00 PM, said:

I don't see why not. I mean, obviously you'd provide him with some of the modified packets you're sending as well, along with the software you used to generate them, and perhaps some screenshots of the results; I'm sure if he needs anything more specific than that, he'll ask.

I think anyone can figure it out all you do is open the packet capture reboot the CC pc and you will get the packet wich has the following: remoteJavaExecution=false change to remoteJavaExecution=true and reboot pc again bum

#6 Lyqyd

    Lua Liquidator

  • Moderators
  • 8,465 posts

Posted 17 June 2014 - 02:29 PM

This is the second time you've posted a tall tale like this, though your story has changed some this time around. Posting hoaxes won't get you any positive attention and any genuine exploits should be dealt with quietly, directly with dan. You'd probably be best contacting him via twitter or PMing him on the forums here.

#7 CCGrimHaxor

  • Members
  • 140 posts

Posted 17 June 2014 - 02:34 PM

View PostLyqyd, on 17 June 2014 - 02:29 PM, said:

This is the second time you've posted a tall tale like this, though your story has changed some this time around. Posting hoaxes won't get you any positive attention and any genuine exploits should be dealt with quietly, directly with dan. You'd probably be best contacting him via twitter or PMing him on the forums here.

If it was a hoax why did I actually sent dan the bug via email. That makes no sense and the other bug got fixed when the new forge was released and the 2 don't have any connection with each other because the other one was for remotly controlling a CC pc but not the server console and have you noticed how much I went into detail here it is kind of hard to make a hoax bug if the detail is too realisticand check the topic I posted before this topic and compare the dates in that period of time it would be almost impossible to make up such a detailed lie.

Edit: sorry if the replay is harsh I just got a little mad

Edited by CCGrimHaxor, 17 June 2014 - 02:36 PM.


#8 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 17 June 2014 - 03:25 PM

He's saying that regardless as to whether these sort of claims are authentic, the forums are not the appropriate place to post them.

If you've already messaged Dan, then great, end of discussion.

#9 Cranium

    Ninja Scripter

  • Moderators
  • 4,031 posts
  • LocationLincoln, Nebraska

Posted 17 June 2014 - 03:41 PM

So let me get this straight.
You say you ran some obscure code outside of computercraft, which allowed you access to the minecraft console? And instead of sending the information to the developer, which you say is your goal that it gets fixed, you make a large, attention seeking post on the forum. When we call you out on it, you say that you've already emailed Dan, informing him of the bug/exploit.

You also seem to be trying really hard to prove this isn't a hoax or tall tale, defending it with ranting, run-on sentences that cannot possibly prove your point in the slightest, and should be much more properly formatted for someone of your advertised age.

Forgive us if what you've provided so far doesn't lend you with much credibility. I'm closing this topic now, to avoid any more negativity, but be aware that any further "exploits" or "hacks" you may find, should be directed to Dan. Don't make an attention-seeking post like this again, it's unneccessary, and does not help resolve the issue.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users