Force OP/Session Stealer

[Kenter5500]

Hello.

AFAIK, there are for sure hacks that are private and only well known people have them, but my
question is that DOES Force OP/Session Stealer still EXIST?

In many servers i've seen that someone joins the server and basically just gets OP and starts to grief and op other pepole.
How is that possible? I know you can OP people via Console or FTP, but how, just how. Do they use some kind of program like Force OP/Session Stealer that is private or they access FTP/Console via hacking?

[Zeffer]

There can be programs that can edit the ops.txt file, but really the server owner would have to get that malicious program on their PC.

[LordPankake]

access FTP

I actually was on a server that had this happen. BarclayTech knows how to do this.

[Kenter5500]

I actually was on a server that had this happen. BarclayTech knows how to do this.

Well, if he knows how to do it, can you tell me if i use his method, do i need some coding language knowledge or it's just "download, run and enjoy" thing?

[LordPankake]

Well, if he knows how to do it, can you tell me if i use his method, do i need some coding language knowledge or it's just "download, run and enjoy" thing?

I have no clue how he did it or how to talk to him. The forums he was most active on got taken down. I'm pretty sure you would need to know how to code though. Nothing that useful is just a 'free' download.

[Domokun_index]

You can't force OP remotely if that's what you're asking?
You have to place/get somebody to place a force OP script inside the server files. So yeah FTP access.

[Kenter5500]

You can't force OP remotely if that's what you're asking?
You have to place/get somebody to place a force OP script inside the server files. So yeah FTP access.

Well, actually i ment Force OP/Session Stealer, and my question was do they still EXIST, so i mean does Session Stealer/Force OP exist, does some ultraprocoder have some kind of program, or just pepole who start sharing ops in big servers get FTP Access and add themselves to ops.txt

[Gio]

[Client] Force OP is fake, they all are scams and request your account name/password.

[Plugin] Force OP is reall , but server owner must install that plugin first. You can lie and make him install it.

[IWillNeverUnderstand]

like said above, Client sided is fake unles you have rcon access.
Editing ops.txt is valid.
Plugin is valid.

NO FORCE OPS WORK is you don't have access to the owner's pc

[Kenter5500]

like said above, Client sided is fake unles you have rcon access.
Editing ops.txt is valid.
Plugin is valid.

NO FORCE OPS WORK is you don't have access to the owner's pc

(facepalm) I didn't say that ForceOP is legit and works blablabla, anyways, i got my answer before..

[lucamasira]

Some superprocoder would be intrested in other things than minecraft.

[LordPankake]

Turns out using the authentication code you can have your account authenticated then spoof a second handshake packet to the server to change accounts.

On the 23rd of August md_5 introduced a patch[1] to the name authentication code. This opened a security hole which allows hackers to log in to other peoples accounts.
If you are using spigot builds #1088 or #1089, you should upgrade now! The patch has been reverted[2] and spigot has been rebuilt. Build #1090 is not vulnerable.
Props to andrewkm and Dinnerbone for investigating this.
UPDATE: This is a vanilla issue - a race condition - that was aggravated by the patch posted above. It still exists in non-spigot servers, but is harder to trigger. See md_5's post[3] in this thread for details.

[ImysticZ]

Force op is fake.
Session Stealer(E.G: Scetch's SS) was patched on 1.2.5 I believe