I know they aren't real, but teams like avolition etc somehow get op without getting the owner too download a program..? How is that possible..?
Originally Posted by Elakan
I know they aren't real, but teams like avolition etc somehow get op without getting the owner too download a program..? How is that possible..?
they social engineer him :P
Team Avolition worked at griefing MC servers a long time back. They didn't need OP to execute their hacks as there was no base anti-hack system.
However, if you want OP now to do all that griefing etc. you're going to need FTP access at the very least.
Doing it remotely without this trouble is near impossible, if not.
Hello this is the microsoft team. We think your computer is in need of updates and we called to help you.
*User follows instructions*
Ok, now you need to navigate to *malicious website* and click install.
*User downloads and runs fake program whilst the server installs malware on their computer*
How is this social engineering? Somebody tricked somebody into doing something. That's pretty much it.
In other news techically force opping (or logging in as the owner) is currently possible due to coding flaws in minecraft's authentication code.
Originally Posted by /r/admincraft
On the 23rd of August md_5 introduced a patch[1] to the name authentication code. This opened a security hole which allows hackers to log in to other peoples accounts. If you are using spigot builds #1088 or #1089, you should upgrade now! The patch has been reverted[2] and spigot has been rebuilt. Build #1090 is not vulnerable. Props to andrewkm and Dinnerbone for investigating this. UPDATE: This is a vanilla issue - a race condition - that was aggravated by the patch posted above. It still exists in non-spigot servers, but is harder to trigger. See md_5's post[3] in this thread for details.
Explained very well
The server they were griefing on was an outdated server and probably used outdated plugins, Krysk being the smart ass that he is probably decompiled it and found an exploit.