For the curious: the server provider with vulnerable web console is (in my personal opinion, for legal reasons it could obviously be *anybody*) "GPORTAL". Also, I have quickly glanced at the source code of their website, and the XSS appears to be fixed. The actual server is not hosted by them, and is instead hosted by "Hetzner", which you can tell from the leaked IP and also (kind of) the default color profile they use for their root shells (see 7:49).
In an older version of minecraft (not sure about current versions) you can kill creative players, from what I remember it requires an NBT edited potion with negative health boost and the instant health effect. Effectively it sets your health to zero then updates your health causing you to die.
He's not flying while AFK, so really if they wanted to kill him, they could dig a hole underneath him, destroy the bedrock with the piston glitch and drop him into the void below.
3:20 really cool to see ottomated here, he made a lot of among us mods and also made a remote controlled bot that allowed him to play on the otv modded Minecraft server through computer craft, he also made blackjack and roulette in Minecraft with computer craft, all very cool stuff!
@@Wanavarbel Ilmangos newest video about it is here: th-cam.com/video/6sPS4yqC72I/w-d-xo.html, there are other videos going into more detail, but this should be enough as proof of concept.
4:05 THIS. This was the reason why I loved Minecraft so many years ago. Back then, I watched a Video "Minecraft Train station [REVAMPED]" that Video was so cool, i tried replicating it and it was alot of fun. Before that i loved tinkering with redstone and pistons. Especially because sticky pistons just got added. This reminds me of a simpler time for me. And i kind of feel sad that i don't enjoy this as much as i used to.
@@anon_y_mousse Often you will suddenly find something of your childhood that will make you feel excited and when you play / try to recreate it you realize that your brain played you
@@beschbekifft So many times. For instance, finally got a game to play in an emulator that I hadn't played in years and it just wasn't fun even though I used to play for hours.
5:47 I remember seeing the same mountain in r/Minecraft where a player was asking what to build there, and someone recommend a base under a waterfall, which is the exact build
Not only that (the "r" is kinda invalid in a UUID), but the UUID is fairly fake looking as a general. Now that you pointed that out, I can see that this UUID isn't real at all. The real Herobrine's registered account UUID is f84c6a79-0a4e-45e0-879b-cd49ebd4c4e2.
3:00 does anyone know what software they used? I have a server that’s idling around most of the time and would like to do that for some channels that are likely to get censored.
I remember a server I used to play on years ago used to have Minecraft chat on the frontpage of their website, and it turned out to vulnerable to XSS. Until I figured it out and helped them fix it, that is. :)
I'm happy TH-cam popped this back up in my feed. I've been mostly ignoring this series lately because of they're put out as Premieres, and I'm not a fan of those.
Welp, looks like the IP address on the sign at 1:10 doesn't work anymore. But I guess the same player that placed it there als figured out the new IP address for the server, because I found the server with Wurst's Server IP Finder (of course you can find my signs in there), and while I don't know how exactly, the IP address must have been leaked again somehow. Not sure if it was EpicPlayerA10 again, but I swear I saw him online on the server. Although, didn't take screenshot of the tablist. Wurst was the easiest and first go-to hacked client to get out of the bedrock spawn cage. I don't intend to use Wurst anywhere else. But from now on, I will analyze every single frame of the video granted I have time to do so, and possibly run it through OCR software - I'll find some free one. Don't worry, I want to keep track of the server and return for a while periodically. And I've possibly seen some spoilers for another video I guess. :D Jesus hack however is so useful! It still feels weird walking on water, but it's so useful. I guess I'm gonna x-ray next time for ores. And you may ban __Intel_, as he's been on a killing spreee, maybe using killaura and of course fly and speed hacks. I'm not saying it's against the rules or something, but until to that time nobody really killed anyone. So just keep an eye on them. If players start killing each other, I'm afraid they'll turn your server into another 2b2t.
So I downloaded the video to look at it frame by frame where any new IP address would be potentially visible, and I found literally nothing. I don't know how people have figured the new IP address out (which now also doesn't work, so another IP address is probably in circulation, and it seems it wasn't found yet, as Wurst couldn't find it again with IP Finder). Did I miss a video?
Nope, the IP address is still active, I guess it was just temporarily out of service. But still it baffles me. How did you guys find that IP address? I looked through the video frame by frame and couldn't see the IP address anywhere. I saw the old one that doesn't work anymore, that was the one on the sign. Just how? I guess I'll have to export the video to frames and check each frame individually for an IP address. I guess I'll download some sort of free command line OCR scanner that scans an image and outputs found text contents to the page - and then I can use grep to find an IP address. I know the IP address, so I can try to look for the exact IP address.
Neat trick with the RCON attack, but should only in theory work if someone's looking. Also, they need to know the details of the hosting thing. Still another example of why you ALWAYS sanitize your inputs.
I noticed your Minecraft web console you made (I assume?) has an interesting bug which I also assume a real service provider would have spotted and fixed, in the process making your simple XSS attack more difficult if not impossible. When chatting, your name is treated like an HTML tag since it is surrounded in angle brackets. Since it isn't a valid tag, it simply doesn't show up on the page. Not being able to see who is sending chat messages is a pretty big flaw so I think a real service provider would have fixed that by at least encoding the < and > characters. Of course the better fix is to only inject user-generated text content into a page using appropriate APIs, NOT HTML APIs directly. If there is a need for users to generate HTML content, it's best to use an existing library designed to sanitize or sandbox the user input somehow. For example reddit allows user to enter content in markdown which is then translated into HTML. A much more complex solution but it ensures the content is processed and no HTML tags other than desired ones make it into the output. Of course, it's still best to be familiar with what the HTML tags you DO allow actually can do. Images can track users, for example.
No it does not. The exploit would only work on select hosting services, that log the chat in your browser in a unsecure way the mainstream hosters do not have this problem
Hello Mr! Do you plan to make a video on the new "minecraft chat message validation failure" exploit? It allows to kick players with a simple chat message! Great video btw :)
surprised to see Ottomated_ here in this video, he's a pretty notable developer who works with lots of big streamers like Ludwig Great video as always!
The thumbnail is the developer console of a website on a browser. This window can be opened be pressing f12. Then going to the console tab to execute commands
I guess it was his own website of some sort, and I guess that it may not be accessible from the internet, it must be in his own local network. I've tried to search on Wayback Machine, and guess what? Attempts to archive the video failed. That means that Wayback Machine isn't useful to find old and long time lost videos on TH-cam. The rest of the age is intact, it even shows all the comments that were made at the time of the snapshot, but video itself is unavailable. Other archiving sites may have the original video with the IP leak uncensored, I'll try to find one.
But there is a chance. One could etract the frame of the video where the original IP leak is (now blurred), and run it through an AI designed to remove the blurring effect, reconstructing the original text underlaying the blurred area. I remember watching this video: th-cam.com/video/_1Az0KwBbXc/w-d-xo.html - It isn't exactly what you may be looking for, as it requires two inputs (the pixelated image of the characters and characters sample), and works slightly differently, but I guess there may exist an AI that does this type of job - deblurring/decensoring parts of images, notably text, using neural networks that learned on a training set where the input given was censored image and the original uncensored image (in order for the AI to know how the end result is supposed to look like), and this training set contains like dozens of these images, and there is always test done where the neural network is given set of images to test what the network has learned, end result is taken and directly compared to uncensored originals. Once the match coefficient passes a certain percentile value, the attempt is considered success. I guess there might be such AI to do it. However, easiest way would be to find the original video with the server address uncensored yet, archived somewhere. Or wait and watch every single video closely until you find the IP leak of the server. I most certainly will and I will attemt to join the server at some point.
And guess what? This video could very potentially also contain the server IP leak at 8:50. Well, not this time, LO was careful this time and censored the IP again.
But wait, maybe there is a little hope. I'm not going to spoil it just yet, I'm saving the link, but I might have found an archive somewhere. The archived video just isn't ready for playback yet.
it's in here 1:08 the same ip was revealed on the previews video th-cam.com/video/gSxcDYCK_lY/w-d-xo.html (pause at the exact second and you will see it, on the top right ) and there's another ip that i found from the comment section but i wouldn't trust it, there might aswell be a clone of the server trying to steal other people's ips
If packets could be recorded then all it takes is the recording of a user for a while to steal their identity. so theoretically, this attack could be adapted to steal someone's identity. it would be an even worse exploit than log4shell or uuid stealer combined. Edit: I am referring to the second vulnerability talked about in the video, discovered by vktec Edit2: I made a mistake, it was actually LiveOverflow's discovered vulnerability that could be adapted, although vktec did point out a much more critical vulnerability. in practice, both of these vulnerabilities could be used in conjunction to steal someone's id, impersonate someone, hijack someone's account, or even frame someone using the chat report system.
How to fix? first of all delete the ability to get OP through commands (if thats possible. I think you can just override it like any other command by just creating a new one with the same name with bukkit plugin). Also if one gets OP you could check a database to check if the use really is someone thats allowed to go into OP. If not then simple BAN the user and tell them to get in contact with staff.
Actually, the player did the lavacast to block the entrance with cobblestone. I had to get a creeper to explode on top of it to re open it again...
I saw the lavacast and figured it out quickly
we also made a tnt cannon to completely open the entrance! Although that led to some unfortunate casualties :)
hey kynatosh
someone made a cat test account lmao
@@tuffdufroggins uptime check is such a meme at this point :D
The fact that he brushed off the fact Ottomated join the server so quickly was funny to me.
of course, online mode is disabled, so anyone can be anyone else
@@Napert They all have skins though, when did he say it was not online-mode?
@@NateLevin in one of the first episodes, forgot which one exactly
I guess he didn't know who he was
popstonia is a super cool dude too
I'm so in love with this series! I hope the server remains open as an anarchy server even after the series ends
13:40 You might be interested in LogBlock, a logging plugin storing who changed blocks or why blocks changed (and because of whom)
Coreprotect too
CoreProtect best
cat_test better
lag
imagine not using CoreProtect
For the curious: the server provider with vulnerable web console is (in my personal opinion, for legal reasons it could obviously be *anybody*) "GPORTAL". Also, I have quickly glanced at the source code of their website, and the XSS appears to be fixed. The actual server is not hosted by them, and is instead hosted by "Hetzner", which you can tell from the leaked IP and also (kind of) the default color profile they use for their root shells (see 7:49).
It could be anybody !GPORTAL! Nice lol
@Juniper Ai I mean they take user input as HTML code, do you think their services are good?
@Juniper Ai LO is using Hetzner not GPortal. Hetzner does not offer Minecraft servers directly, you have to setup it by yourself.
Seeing Ottomated_ join the server gave me a shock, he’s made a few really good coding videos that I love but now he has not uploaded for a while
he streams on twitch
the server on cracked mode so anyone can spoof their uuids and be whoever they want
In an older version of minecraft (not sure about current versions) you can kill creative players, from what I remember it requires an NBT edited potion with negative health boost and the instant health effect. Effectively it sets your health to zero then updates your health causing you to die.
You still can, pots are op
He's not flying while AFK, so really if they wanted to kill him, they could dig a hole underneath him, destroy the bedrock with the piston glitch and drop him into the void below.
still can, love trolling my less knowledgeable friends. Really rocks their brains lol
3:20 really cool to see ottomated here, he made a lot of among us mods and also made a remote controlled bot that allowed him to play on the otv modded Minecraft server through computer craft, he also made blackjack and roulette in Minecraft with computer craft, all very cool stuff!
yea his computer craft stuff is pretty impressive. he also made pokemon on it.
I thought I recognised their name, that's so cool!
6:40 there is a bug in (atleast older versions) to obtain arbitrary block.
Falling block khe khe.
proofs?
Indeed, ilmango has a couple video explaining it on his channel uploaded pretty recently
@@Wanavarbel Ilmangos newest video about it is here: th-cam.com/video/6sPS4yqC72I/w-d-xo.html, there are other videos going into more detail, but this should be enough as proof of concept.
i dont trust ilmango
Seeing Ottomated join made me laugh since his "invading server" expertise is quite unique
4:05 THIS. This was the reason why I loved Minecraft so many years ago. Back then, I watched a Video "Minecraft Train station [REVAMPED]" that Video was so cool, i tried replicating it and it was alot of fun. Before that i loved tinkering with redstone and pistons. Especially because sticky pistons just got added. This reminds me of a simpler time for me. And i kind of feel sad that i don't enjoy this as much as i used to.
Part of life getting older
I feel that so much these days. I enjoy very little of what I enjoyed even just 5 years ago.
@@anon_y_mousse Often you will suddenly find something of your childhood that will make you feel excited and when you play / try to recreate it you realize that your brain played you
@@beschbekifft So many times. For instance, finally got a game to play in an emulator that I hadn't played in years and it just wasn't fun even though I used to play for hours.
ottomated cameo!!!
5:47 I remember seeing the same mountain in r/Minecraft where a player was asking what to build there, and someone recommend a base under a waterfall, which is the exact build
lmao the fact that “Herobrines” UUID has F00 BAR in it 😂😂
Not only that (the "r" is kinda invalid in a UUID), but the UUID is fairly fake looking as a general. Now that you pointed that out, I can see that this UUID isn't real at all. The real Herobrine's registered account UUID is f84c6a79-0a4e-45e0-879b-cd49ebd4c4e2.
@@CZghost isn't joining an online server with a fake uuid impossible
@@generallyunimportant yes. its spoofed server side. probably.
@@oscarchampion5842 Pretty sure the server has cracked mode on, so that he could spoof the Herobrine account.
6:20 little did he know we can do that in 1.12 at least, I now have command blocks, end portal frames,...
I think I saw a scicraft video about that!
Yeah he also missed the popbob reference at 2:38 soooo yeah he is still innocent to anarchy servers..
I love how you teach hacking with minecraft. Great to get people into it
lol
You didn’t understand a word that come out of his mouth did you?
@@JusTryNc why?
3:00 does anyone know what software they used? I have a server that’s idling around most of the time and would like to do that for some channels that are likely to get censored.
i would also really like to get something like this running as i have 30tb or free space just laying around
Maybe a Plex server and you just upload the videos to them? Idk the only thing I could think of thats what my home lab uses
@@raygun2180 Plex is for watching, not archiving.
@@FlorianWendelborn you just upload them to plex and can watch them whenever
@@raygun2180 I’m not interested in uploading or watching, so Plex will NOT help me at ALL. I’m purely interested in archiving.
The roller coaster made me a bit emotional. Makes me remember how I discovered Minecraft...
I remember a server I used to play on years ago used to have Minecraft chat on the frontpage of their website, and it turned out to vulnerable to XSS. Until I figured it out and helped them fix it, that is. :)
I'm happy TH-cam popped this back up in my feed. I've been mostly ignoring this series lately because of they're put out as Premieres, and I'm not a fan of those.
I am absolutely loving this series
Now that is some real Professional Dev Ops / Cybersecurity situation. As an it student i admire your knowledge.
Welp, looks like the IP address on the sign at 1:10 doesn't work anymore. But I guess the same player that placed it there als figured out the new IP address for the server, because I found the server with Wurst's Server IP Finder (of course you can find my signs in there), and while I don't know how exactly, the IP address must have been leaked again somehow. Not sure if it was EpicPlayerA10 again, but I swear I saw him online on the server. Although, didn't take screenshot of the tablist. Wurst was the easiest and first go-to hacked client to get out of the bedrock spawn cage. I don't intend to use Wurst anywhere else. But from now on, I will analyze every single frame of the video granted I have time to do so, and possibly run it through OCR software - I'll find some free one. Don't worry, I want to keep track of the server and return for a while periodically. And I've possibly seen some spoilers for another video I guess. :D Jesus hack however is so useful! It still feels weird walking on water, but it's so useful. I guess I'm gonna x-ray next time for ores. And you may ban __Intel_, as he's been on a killing spreee, maybe using killaura and of course fly and speed hacks. I'm not saying it's against the rules or something, but until to that time nobody really killed anyone. So just keep an eye on them. If players start killing each other, I'm afraid they'll turn your server into another 2b2t.
So I downloaded the video to look at it frame by frame where any new IP address would be potentially visible, and I found literally nothing. I don't know how people have figured the new IP address out (which now also doesn't work, so another IP address is probably in circulation, and it seems it wasn't found yet, as Wurst couldn't find it again with IP Finder). Did I miss a video?
Nope, the IP address is still active, I guess it was just temporarily out of service. But still it baffles me. How did you guys find that IP address? I looked through the video frame by frame and couldn't see the IP address anywhere. I saw the old one that doesn't work anymore, that was the one on the sign. Just how? I guess I'll have to export the video to frames and check each frame individually for an IP address. I guess I'll download some sort of free command line OCR scanner that scans an image and outputs found text contents to the page - and then I can use grep to find an IP address. I know the IP address, so I can try to look for the exact IP address.
@@CZghost If I may ask, does the IP you have still work? I could send you my public key if you don't want to share it openly
@@CZghost theres a way to track people on what server there in im pretty sure fitmc did a video on how 2b2t players greifed jeb
5:31 NIce to see the almighty 9 by 9 appearing in this server.
oh mah gahd liveoverflow is herobrine confirmed
could you add the text that you actually have to type in the chat to gain op permission in description?
Good to see some fellow Czechs on your server. :D
Ty jsi cz 😊?
10:44 that "WTF!?" comment lmao
I feel that guy
Neat trick with the RCON attack, but should only in theory work if someone's looking. Also, they need to know the details of the hosting thing.
Still another example of why you ALWAYS sanitize your inputs.
I noticed your Minecraft web console you made (I assume?) has an interesting bug which I also assume a real service provider would have spotted and fixed, in the process making your simple XSS attack more difficult if not impossible.
When chatting, your name is treated like an HTML tag since it is surrounded in angle brackets. Since it isn't a valid tag, it simply doesn't show up on the page. Not being able to see who is sending chat messages is a pretty big flaw so I think a real service provider would have fixed that by at least encoding the < and > characters.
Of course the better fix is to only inject user-generated text content into a page using appropriate APIs, NOT HTML APIs directly. If there is a need for users to generate HTML content, it's best to use an existing library designed to sanitize or sandbox the user input somehow. For example reddit allows user to enter content in markdown which is then translated into HTML. A much more complex solution but it ensures the content is processed and no HTML tags other than desired ones make it into the output. Of course, it's still best to be familiar with what the HTML tags you DO allow actually can do. Images can track users, for example.
it's the minecraft console of the provider. I didn't fake that part ;)
@@LiveOverflow I thought you use docker?
I assume you use a console connecting to rcon instead of directly interacting with the process-console?
@@MrSimber1 he said he did in the video, they simply don't fix anything
damn I was actually on the edge of my seat thinking someone pulled that xss off
I liked using a story like Herobrine to explain the vulnerability
casually "Ottomated_" joined the game
Wait, does this mean everybody with enough tech skill can now replay and modify chat commands on modern Minecraft servers?
No, they have to be on the same network to actually see the packets getting sent by the client
No it does not. The exploit would only work on select hosting services, that log the chat in your browser in a unsecure way
the mainstream hosters do not have this problem
@@tigerdan That's not what he's talking about.
@@tigerdan bro
@@tigerdan bro wtf?
Heh good timing. Replay attacks are about to become very relevant.
Hello Mr! Do you plan to make a video on the new "minecraft chat message validation failure" exploit? It allows to kick players with a simple chat message!
Great video btw :)
11:50 can anyone answer me with the full command, i need it cause i am trapped on a server and i had done nothing
I LOVE the Clubmate mod! : D
surprised to see Ottomated_ here in this video, he's a pretty notable developer who works with lots of big streamers like Ludwig
Great video as always!
thnx for the info it could be useful for something to look for in server websites ill use in the future
The thumbnail is the developer console of a website on a browser. This window can be opened be pressing f12. Then going to the console tab to execute commands
Oldest anarchy server 2b2t....wait it's not the usual Minecraft videos I watch
what was the personal archive service that popstonia was using?
I guess it was his own website of some sort, and I guess that it may not be accessible from the internet, it must be in his own local network. I've tried to search on Wayback Machine, and guess what? Attempts to archive the video failed. That means that Wayback Machine isn't useful to find old and long time lost videos on TH-cam. The rest of the age is intact, it even shows all the comments that were made at the time of the snapshot, but video itself is unavailable. Other archiving sites may have the original video with the IP leak uncensored, I'll try to find one.
@@CZghost I know, I’m asking for the software he was using
But there is a chance. One could etract the frame of the video where the original IP leak is (now blurred), and run it through an AI designed to remove the blurring effect, reconstructing the original text underlaying the blurred area. I remember watching this video: th-cam.com/video/_1Az0KwBbXc/w-d-xo.html - It isn't exactly what you may be looking for, as it requires two inputs (the pixelated image of the characters and characters sample), and works slightly differently, but I guess there may exist an AI that does this type of job - deblurring/decensoring parts of images, notably text, using neural networks that learned on a training set where the input given was censored image and the original uncensored image (in order for the AI to know how the end result is supposed to look like), and this training set contains like dozens of these images, and there is always test done where the neural network is given set of images to test what the network has learned, end result is taken and directly compared to uncensored originals. Once the match coefficient passes a certain percentile value, the attempt is considered success. I guess there might be such AI to do it. However, easiest way would be to find the original video with the server address uncensored yet, archived somewhere. Or wait and watch every single video closely until you find the IP leak of the server. I most certainly will and I will attemt to join the server at some point.
And guess what? This video could very potentially also contain the server IP leak at 8:50. Well, not this time, LO was careful this time and censored the IP again.
But wait, maybe there is a little hope. I'm not going to spoil it just yet, I'm saving the link, but I might have found an archive somewhere. The archived video just isn't ready for playback yet.
Awesome, great job, super well explained, thanks a lot
It's kind of cool Ottomated found your server
0:43 omg that's me
wait how do u get the page in 11:01
Going down the minecraft hacking rabbithole usually leads to kids becoming hackers instead of security researchers
what is the code to force op when the console is open? could u pls tell me? thanks!
9:03 idin t work on my server it s on 1.12.2
Even in 1.16.5 and 1.20
2:56 And how are they doing it?
I would like to do it myself
yt-dlp
7:29 Isnt the ip on the sign ?
What OS do you use for your minecraft server?
whats the ip
it's in here 1:08 the same ip was revealed on the previews video th-cam.com/video/gSxcDYCK_lY/w-d-xo.html (pause at the exact second and you will see it, on the top right )
and there's another ip that i found from the comment section
but i wouldn't trust it, there might aswell be a clone of the server trying to steal other people's ips
@@haithem8906 thx man im looking in it
@@haithem8906 i cant see the thing in 1:08
@@haithem8906 found it
@@haithem8906 ip doesnt work
I met techno but nice vid XD you earned a new sub 👍
Can you show the full command you use to get op?
$("#rconCommand")[0].value='op vxpeeep';
$("#sendRconCommand")[0].click();
$(".row-standard").remove();
@@vxpe7864 What website is the server hosted on
@@vxpe7864 it didnt work in vanilla
@@kiddojad1827 of course it do not work in vanilla lol
sad to see the server down :(
It was very fun finding this server b4 everyone else
can you send me IP? I always wanted to join it :(
@@thefoxguy nope ^-^
@@barrulik :(
@@thefoxguy He changed the ip anyway, I don't think anyone got the new ip yet
good job showing the public IPs of everyone who joined :p
Would this work on a minehut or an aternos server (the forceOP), and what is the command/code part?
I have the same questions
no.
You need to start censoring the server IP more seriously. Haha :)
and client ips
he accidentally just showed ips of many people at 8:00
I practically understood nothing in this video lol and I felt like a real idiot
i was so shocked by this, this man is teaching while playing minecraft
love the popbot refrence
Story telling for the win
Note: lots of peoples IPs are shown around 8:00, perhaps you should blur this?
There is no ip address at all ! No worries
@@not_kelbaz there definitely are
6:40 if i remember right there is way to obtain bedrock in survival but it requires end and is very hard
If packets could be recorded then all it takes is the recording of a user for a while to steal their identity. so theoretically, this attack could be adapted to steal someone's identity. it would be an even worse exploit than log4shell or uuid stealer combined.
Edit: I am referring to the second vulnerability talked about in the video, discovered by vktec
Edit2: I made a mistake, it was actually LiveOverflow's discovered vulnerability that could be adapted, although vktec did point out a much more critical vulnerability. in practice, both of these vulnerabilities could be used in conjunction to steal someone's id, impersonate someone, hijack someone's account, or even frame someone using the chat report system.
what's the script for op? i want to test if in my server works
Ottomated is a familiar name! Small world :)
What konsole is this which u use?
5:30 Dire 9x9!
what program do you use to hack minecraft???
How did you add the gui to your hacks?
On some faction servers you need to set your password when logging for the first time... Maybe this can be weaponized pretty easily...
WHats the whole command what made you an operator?
How did you add a menu to your mod and toggleable modules?
Look at his other videos. He just added a custom button to the options screen that opens his custom window
best hosting server? or u playing in realms
Can u tell the command u putted in the chat and got op i want to do it in my friend,s server to scare him
where are you from? your accent sounds somewhat german/dutch
@@Shrecked ok
warum hast du die ip adresse geändert?
whats the ip for the server?
There IS bugs to obtain blocks like bedruck, though i am not sure whether they are patched on never versions
They're possible on 1.12 and below.
@@celestialowl8865 ah alr ty
Hello i want to learn how to program to do things like this. Has anyone got a good tutorial to learn?
what is the comand?
what version is this 1.18.2
Don't you think he leaked the ip intentionally? I found it twice... However, the server is now constantly full
in this video?
And now the server seems to be fully down... this was probably intentional
@@petey5009 He posted on Twitter that he messed up again and „made some changes“. Who knows, maybe some kind of a new challenge
@@loisI120 probably an ip change
@@petey5009 so where was the ip again?
How to fix? first of all delete the ability to get OP through commands (if thats possible. I think you can just override it like any other command by just creating a new one with the same name with bukkit plugin). Also if one gets OP you could check a database to check if the use really is someone thats allowed to go into OP. If not then simple BAN the user and tell them to get in contact with staff.
/minecraft:op
/essentials:gmc
/minecraft:gamemode creative
real
@@popnotfound can you disable the default commands in bukkit api?
@@imluctor5997 maybe
Whats the whole op html code?
popstonia my love
wher is that server? I want to play there :3
Where can I find this archiving service?
Its a personal archive server, i think its tube-archiver.
yt-dlp
@@tarakivu8861 Thanks
What is the server version?
Does someone know his hoster? Or is it made by him?
POG a Czech guy was on this guys server
Does anybody have the forceop code?
If you're a complete beginner to soft production then soft is imo the easiest daw that you can get, I started off with it.. If you have a little bit
Well g-portal is a bad host, what do you expect? xD
8:10 shows peoples log off locations so you can find their bases
the bug tracket prevents you from viewing MC-242462 & MC-249235 whilst logged out