Interestingly i once saw this as an opportunity to bypass the "login lobbies" of semi-premium servers but at the time (aroun 2018) i wasn't savy enough to know how to breach those defenses, this was a very good documentary...
@@niicespiice Idk if it's these ones, but basically, through cracked clients you could just enter with a name you choose and then make a password if the name's not taken. If you were to be premium, logging in with your name if it's not already taken gives you the option to first make ur password and then "turn" your account into premium status, so once you log in you don't need to use ur password and such, usual premium login.
As a server owner, and developer for MC Mods/Plugins you did an amazing job explaining all of the systems talked about in this video! Great video for those who want to learn about the basics of Bungeecord security & networking works as well! I also loved the small jab at Eclipse LMAO 11:28
Yeah I don’t know how anything works and this video honestly helped me understand how all this works, this also explains why once I got a warning by bungee cord and no one explained what the hell it was
so basically, every once in a while, a genius comes and somehow hacks Hypixel. they found out they asked about it sometimes they tell, sometimes they don't and at the end they fix all and ban / wipe / punish the hackers. crazy stuff but bro has brains
@@ItzYotamGamingYT misconfigured ports/machines are very very common and its honestly amazing the internet still functions with how poor the security is on most systems
@@ItzYotamGamingYT usually you have to look through logs to figure out what happened when its malicious as people dont really like to share that and make themselves public when theyre bad. But yea in cases like this and in good cases its awesome to have stuff directly from the hacker, glad you found cybersecurity interesting have a good day bro :]
To be fair, its a good thing he disclosed said method which this guy could be considered a Grey hat hacker, since he didn't do it with permission, but seeing as he helped the admins and devs, well - he technically got away. I would prefer to use a White hat method, but obviously I would only use "burner" accounts (with permission) and tell the admins about such. This is part of cybersecurity, and can be known as other names, especially ethical hacking. Although some countries deem it as a grey area, it is what it is.
He also stole discord accounts so I am thinking they only disclosed the exploit to reduce their punishment, more black hat with the hypixel instance itself being grey.
@@mrdragonboi why are you trying your hardest to sound "cool" and "knowledgable". "gReY hAt" "wHiTe HaT aPpRoAcH" "eTHiCaL hAcKiNg"...? Cringe NPC go back to playing games and doing homework 💀 No one that honestly knows whats up talks like that 🤦♂️
As someone with extensive experience in system administration and Spigot plugin development, I think that this was a nice explanation of the exploit. However, I have one correction to make: Velocity is NOT a fork of Bungeecord, but an independent project serving as an alternative to PaperMC's now discontinued "Waterfall" Bungeecord fork that aims for higher performance and security
Hypixel's lucky this wasn't a malicious hacker, in this guy's position I'd start Mass-Banning Hypixel moderators on the spot because I find their staff team corrupt as hell
@@Snoozzei Yes. They will ban based on personal bias, such as flagging a Soviet Flag "Inappropriate" in build battle, despite it, to my knowledge, not being considered an offensive symbol (And making stupid unrelated things to the theme isn't against any rules). I stopped playing Hypixel years ago for various reasons, some unrelated to the server itself, and can't say I'll miss too much about it. I liked build battle and Farm Hunt and maybe sometimes come back to visit it but with the generation of the Skibidi Bedrock children upon us and the Java players outgrowing Minecraft, Hypixel definitely has an unpredictable future
Random comment but me and my friend are currently taking a Cyber Security class studying for the SC-900. Your explanation of the encryption system genuinely taught us better than our teacher. Hope to see more of this kind of content, maybe your explanations will help us pass the SC.
@@_thomas try to actually dm the marketing representatives of certain companies that are close to the content you offer and offer them a sponsorship, this is a way to get recognized faster and it'll help you get sponsorships easier and have them as your clients.
im impressed, never saw this channel and having "minecraft/hypixel" and "hacked" in a video title doesnt sound promising (theres too many fake "i griefed server XY" or "i hacked server XY" on this plattform). but im really surprised, this is a really informative video and im glad i stumbled over it. thanks for taking your time to educate us 👍
first video i ever watched from you- i put this on for background noise and slight bit of entertainment as i ate a bowl of cereal, praying that you wouldnt be a super quiet content creator that my eating would drown out... just to find out that you are very much not quiet and do your own subtitles.. based as hell, im def coming back here again lmao
Not gonna lie, this was such a good documentary. I'm surprised you only have 18.4k subs since your content is peak. Keep it up bro, earned another sub!
I like the way you explained all of this. I work with servers, and IPs, ports, proxies, firewalls and backend servers are something I deal with on a daily basis, but took me a long time to understand when I started. Would have loved to have your video back then.
The fact that you have to install a seperate plugin so the backend servers can validate the authenticity of the bungeecord server is insane. Like the whole authentication is handled by bungeecord. Applications like this should be secure by default.
Very well done explanations! Just finished a proxy system for my server, and I had to learn everything you explained so will by myself. If only I had these videos a week earlier!
As per US laws, this almost certainly wouldn’t constitute hacking, because the “hacker” in this case never entered any kind of password or secret, and didn’t abuse known a software bug to bypass such authentication. Misconfiguring a server and giving someone access because you didn’t properly authenticate them is, in fact, not a violation of the computer fraud and abuse act.
That's crazy. As someone who has been doing server development and some pentesting myself over at least a decade now, I'm surprised as to how easy of an exploit went unnoticed for so long. I've actually done this before as a test on some smaller servers I worked on as well. Crazy dude. Edit: The fact that they were still using Legacy Bungeecord as well is insane.. but, it makes sense seeing that the server itself is really old and has thousands of players that still play today.
I actually got into hypixel's servers the same way this hacker did a few years ago... Only i truly didn't have any malicious intentions and instead formally informed the hypixel staff. But looking at this video i think that if i hadn't informed the hypixel staff that this hacker could have done way more since back when i did it i had full system access to i believe almost all systems in their internal network. Of course for everyone reading... I do not encourage anyone from actually hacking and stuff.. All i did was simple scans that anyone can do easily, only not everyone knows how to leverage those scans to see the full extend of all the vulnerabilities. If you ever do these things, be responsible and inform the people who the systems belong to, and don't be a shithead and mess with their systems
Genuinely informative and overall well made video! It's honestly surprising that Hypixel didn't have (an equivalent of) BungeeGuard for their servers. learning something new behind big servers haha
damn that was well made video insane man also i remember when servers were running 1.8 bungeecord so simple to get to the server bypass authme and grief them i remember i had friend who was very insane in this stuff we griefed one german server like it was fun got bored quickly since nobody was there well anyways keep posting more vids il watch them if its like hypixel history related ;D
If you ever get bored of Minecraft videos, please make white hat hacking/computer science explanation videos. I already knew most of the stuff here, but I was surprised at how well it was explained here. I'd love to have such videos back when I was studying this.
Hypixel having a max player count of 50k with an average of 30k people being on at any given time is really crazy to me. I started playing hypixel in 2015 and haven't been on since 2020. I was online when they hit the maximum connected players (555k at the time) record & sent out a server announcement through chat to thank everyone for playing. Very surprised that the new generation doesn't have much interest in playing multiplayer servers anymore.
Wow I remember the players with level 5,000+ and had no idea this is what took place. I’m pretty sure hypixel covered it up at the time, claiming they abused some bug
this is how must stuff work when it comes to securyty that there exist a flaw until someone find that flaw and then that flaw is patch and thats how the securyty gets greater and greater
Bungeecord in this sense could be also called a load balancer. I guess reverse proxies are all load balancers if configured to do so. Side note: great video, wasnt expecting such s low subscriber count with this quality.
@@Timongcraft Exactly, there would be load balancing at DNS level (correct me if I'm wrong but I think multiple SRV records) which could point to a different bungeecord instance depending on 'priority' (I think) of the SRV records. I never had to do this, this is based off general system administration knowledge. Then each bungeecord instance works together to route the player across those mini servers.
Public Private Key encryption does not work backwards. The server just makes it own private key and sends clients the public key, so they both have each other's public key. ultimately meaning that when you encrypt something with the public key only the designated receiver(Whoever has the private key that matches the public key) can recieve it.
It does, in fact, work backwards. RSA is a trapdoor permutation, works both ways!Typically you would only sign and decrypt with the private key, though, since it's not very good encryption if anyone with your public key can decrypt! The client never generates a keypair. The server never has the client's public key as: 1. the client doesn't have one and 2. it doesn't need it. The server's public key is used to encrypt the shared secret. The client generated the shared secret internally, so it doesn't need to receive any encrypted information. They then use that to talk with AES - symmetrical encryption. Read more about Minecraft's implementation here: wiki.vg/Protocol_Encryption
Some dude finds an exploit to hack the largest MC server in the world. And yet I get banned for accidently using a harmless exploit that no one told me I shouldn't be able to do. I think I'm still salty about it.
@@KastrujeDzieciNozyczkami So people were flying around in the skywars lobby, and after accidently hitting the space bar twice, I realized I could fly too. After about 5 minutes of flying, I was kicked for "blacklisted mods". I tried to appeal, but was denied, and now I can't appeal again. Literally no one will hear me out. This was back in 2014.
@@KastrujeDzieciNozyczkami After much prying, apparently flying in the lobby was only available for those who donated a certain amount to the server. But NO ONE TOLD ME OR STOPPED ME
Really well explained. I'm pretty familiar with pentesting and how that stuff works (I work with it and daily drive BlackArch and Qubes) and I love how you ELI5'd it so well so people can understand easily. That hacker was an absolute legend, found the backdoor and responsibly just said what it was so they could patch it, and didn't abuse it for his monetary gains. That's how we do it. Thanks for making this video, it was definitely a good watch. Definitely subscribed!
It’s not the first time that Bungeecoord is involved with security flaws on authentication, there were quite few similiar exploits in the past and yet seems nobody even in Hypixel learned their lesson
As someone who started working with Minecraft servers almost a decade ago, it's hard to believe Hypixel dev team managed to make such a basic mistake. Using a firewall in this scenario is a bad practice - the backend servers shouldn't even be open to the WAN, and the traffic between them and the proxy server should only go through LAN. The verification key between proxy and backends is also a standard for years and over half the existing server networks use it.
my guy could destroy entire hypixel economy but decided to give freebies to himself and his friend and then share with the admins how he did it. What a chad
really good vid and nice explanation. as a java dev myself i have a lot of experience in this and yeah i can say most of the things this guy said is true. There were too many ads tho...
As someone trying to get into cyber and tech these were great explanations of all the concepts involved I really loved the port scan metaphor in particular!
![เจ็บที่ยังฮัก - ม่อน วรวิทย์ [ Official Mv ] จอนนี่มิวสิค](http://i.ytimg.com/vi/KALIGSRSjFs/mqdefault.jpg)
Here Before 25k! (Pls pin lol)
Same
Here as well!
me tooo
Hi centi (im already in ur Discord and im friends with u on discord)
Here before the children
Interestingly i once saw this as an opportunity to bypass the "login lobbies" of semi-premium servers but at the time (aroun 2018) i wasn't savy enough to know how to breach those defenses, this was a very good documentary...
how do semi-premium servers work? i'm interested because i currently have a cracked server and it has security issues
@@niicespiice Idk if it's these ones, but basically, through cracked clients you could just enter with a name you choose and then make a password if the name's not taken. If you were to be premium, logging in with your name if it's not already taken gives you the option to first make ur password and then "turn" your account into premium status, so once you log in you don't need to use ur password and such, usual premium login.
@@niicespiice fed
@@Shizkeb XD
@@niicespiice smei premium auto logs u in to the server without needing the /login command. if you have a premium mc account
As a server owner, and developer for MC Mods/Plugins you did an amazing job explaining all of the systems talked about in this video! Great video for those who want to learn about the basics of Bungeecord security & networking works as well!
I also loved the small jab at Eclipse LMAO 11:28
intellij my beloved ❤️
True I am a cyber security student and he explained the Asymmetric authentication part really really well
Yeah I don’t know how anything works and this video honestly helped me understand how all this works, this also explains why once I got a warning by bungee cord and no one explained what the hell it was
Yea i also known that why bungecord can only connect to different server
I can't believe Hypixel made themselves vulnerable to the exploit that normally only occurs on all the 10yo kids first bungee networks.
it's because they thought that a firewall is enough, an error on the backend caused for the firewall to reset
@@adrian-pr4tn in this case it would be enough if it wasn't reset
@@adrian-pr4tnThat's why you don't only have 1 layer
@@Timongcraft i'm just explaining
@@Timongcraft If they have more than one, that would lead to more lag for the server (and you know they are already horrible)
so basically, every once in a while, a genius comes and somehow hacks Hypixel.
they found out
they asked about it
sometimes they tell, sometimes they don't
and at the end they fix all and ban / wipe / punish the hackers.
crazy stuff but bro has brains
this exploit existed since forever, hypixel was only so unlucky for one of their firewalls to die and allow connections
@@ItzYotamGamingYT misconfigured ports/machines are very very common and its honestly amazing the internet still functions with how poor the security is on most systems
@@DreadHalfling9 well yes but my point is someone finds an exploit, abuses it and then tells it, it's a cycle
@@ItzYotamGamingYT usually you have to look through logs to figure out what happened when its malicious as people dont really like to share that and make themselves public when theyre bad. But yea in cases like this and in good cases its awesome to have stuff directly from the hacker, glad you found cybersecurity interesting have a good day bro :]
@@DreadHalfling9 alright, and thanks you too 👍
To be fair, its a good thing he disclosed said method which this guy could be considered a Grey hat hacker, since he didn't do it with permission, but seeing as he helped the admins and devs, well - he technically got away. I would prefer to use a White hat method, but obviously I would only use "burner" accounts (with permission) and tell the admins about such. This is part of cybersecurity, and can be known as other names, especially ethical hacking. Although some countries deem it as a grey area, it is what it is.
He also stole discord accounts so I am thinking they only disclosed the exploit to reduce their punishment, more black hat with the hypixel instance itself being grey.
@@mrdragonboi why are you trying your hardest to sound "cool" and "knowledgable". "gReY hAt" "wHiTe HaT aPpRoAcH" "eTHiCaL hAcKiNg"...? Cringe NPC go back to playing games and doing homework 💀 No one that honestly knows whats up talks like that 🤦♂️
@@andrewkvk1707 Yeah fair point
man just put the fries in the bag
@@MrMauio Alright then
As someone with extensive experience in system administration and Spigot plugin development, I think that this was a nice explanation of the exploit. However, I have one correction to make: Velocity is NOT a fork of Bungeecord, but an independent project serving as an alternative to PaperMC's now discontinued "Waterfall" Bungeecord fork that aims for higher performance and security
I thought Velocity is the discontinued fork and Waterfall was the independent one made from scratch
@@Kristibek Nope, it's the other way around. Velocity is more modern and the only proxy the PaperMC team is maintaining at the moment
this is correct
(kinda embarrassing since I was building plugins for both 4 years ago)
WHY IS NOBODY TALKING ABOUT HOW ON THE MAP IN THE INTRO NZ IS JUST ROTATED UK 😭
HAHAHAHA CONGRATULATIONS you are the first person to notice
@@_thomas Why is Africa gone?
what happend to italy…
@@_thomasI noticed straight away and was confused, It's where I live aswell 😂😂
How da hell im i subscribed
I think you hacked me
@@xfsdark bro is it me at the thumbnail
@@aathifshadow6549
hmm , don't copyright him then
@@xfsdark I won't do it
1:51 "Your latest 2 week Minecraft phase?" He knows us good xD
@@TheWin9User Came here to say this too lmao, too accurate
8:28 A needle in a haystack in a field of haystacks.
Hypixel's lucky this wasn't a malicious hacker, in this guy's position I'd start Mass-Banning Hypixel moderators on the spot because I find their staff team corrupt as hell
on god. there system sucks too. i've been banned for like 7 years for something i did when i didn't know any better i was like 16 then
@@Snoozzei Yes. They will ban based on personal bias, such as flagging a Soviet Flag "Inappropriate" in build battle, despite it, to my knowledge, not being considered an offensive symbol (And making stupid unrelated things to the theme isn't against any rules). I stopped playing Hypixel years ago for various reasons, some unrelated to the server itself, and can't say I'll miss too much about it. I liked build battle and Farm Hunt and maybe sometimes come back to visit it but with the generation of the Skibidi Bedrock children upon us and the Java players outgrowing Minecraft, Hypixel definitely has an unpredictable future
Same with fakepixel network
Random comment but me and my friend are currently taking a Cyber Security class studying for the SC-900. Your explanation of the encryption system genuinely taught us better than our teacher. Hope to see more of this kind of content, maybe your explanations will help us pass the SC.
I came to watch how one guy hacked Hypixel but learned the whole computer science, wtf! Amazing video dude, immediately liked and subbed!
@@Bilge-ko5qp I decided to watch it 3 times cause I didn't expect to learn it either! Gonna be saving it to keep my mind refreshed about it
@@teraba1696 exactly, it's clean as water and teaches this topic very effectively, amazing!
i LOVE how you explained this, its not even hard to understand with your visual examples
"i would NOT use eclipse" 😭😭
5:49 Ithlught that was gonna be a sponsorship lol
man i WISH
@@_thomas try to actually dm the marketing representatives of certain companies that are close to the content you offer and offer them a sponsorship, this is a way to get recognized faster and it'll help you get sponsorships easier and have them as your clients.
15:04 Being a government hacker on you're goverment's side is a job.
im impressed, never saw this channel and having "minecraft/hypixel" and "hacked" in a video title doesnt sound promising (theres too many fake "i griefed server XY" or "i hacked server XY" on this plattform). but im really surprised, this is a really informative video and im glad i stumbled over it. thanks for taking your time to educate us 👍
moyang
Yangmo
agmnoy
gnaymo
Who unpinned this man.
moyang!
ah yes, hack the subscribe button
The subscribe button: javascript:void(0)
15:03 hmm i guess I can start hacking now
Я тоже (me too)
@@mrcavas and me, конечно же)
And meeee my mom going buy me vape v4 ghost client IM going hack and get revenge who people who bully steve andnplayers and me BHAHAHHAHA
amazing video- great balance of technical detail and accessibility to everyone. Keep up the great work!
insane quality and attention to detail from an underrated channel
first video i ever watched from you- i put this on for background noise and slight bit of entertainment as i ate a bowl of cereal, praying that you wouldnt be a super quiet content creator that my eating would drown out... just to find out that you are very much not quiet and do your own subtitles.. based as hell, im def coming back here again lmao
I've learned more Cybersecurity concepts in this video than my own college course back in the day. I love this video.
Not gonna lie, this was such a good documentary. I'm surprised you only have 18.4k subs since your content is peak. Keep it up bro, earned another sub!
I like the way you explained all of this. I work with servers, and IPs, ports, proxies, firewalls and backend servers are something I deal with on a daily basis, but took me a long time to understand when I started.
Would have loved to have your video back then.
In just 2 hours There is already someone who archived it In Way back machine This video Is really Great.
Techy people like stuff like this and theyre usually the ones who use wayback :)
@@DreadHalfling9 Yes sadly The video Is not Registered.
You did a fantastic job at describing all the server security feature then some of my professors lol
"Cybersecurity professionals need to win every time, attackers need to win only once."
I learned more cybersecurity in this video then my actual class- IN 15 MINUTES.
The fact that you have to install a seperate plugin so the backend servers can validate the authenticity of the bungeecord server is insane. Like the whole authentication is handled by bungeecord. Applications like this should be secure by default.
Very well done explanations! Just finished a proxy system for my server, and I had to learn everything you explained so will by myself. If only I had these videos a week earlier!
@@infinite_bed damn! if only I had posted this video more than a week ago... 😔
as someone tryna get into cybersecurity and also love minecraft, this was the best video i have ever seen
As per US laws, this almost certainly wouldn’t constitute hacking, because the “hacker” in this case never entered any kind of password or secret, and didn’t abuse known a software bug to bypass such authentication. Misconfiguring a server and giving someone access because you didn’t properly authenticate them is, in fact, not a violation of the computer fraud and abuse act.
That's crazy. As someone who has been doing server development and some pentesting myself over at least a decade now, I'm surprised as to how easy of an exploit went unnoticed for so long. I've actually done this before as a test on some smaller servers I worked on as well. Crazy dude.
Edit: The fact that they were still using Legacy Bungeecord as well is insane.. but, it makes sense seeing that the server itself is really old and has thousands of players that still play today.
I actually got into hypixel's servers the same way this hacker did a few years ago... Only i truly didn't have any malicious intentions and instead formally informed the hypixel staff.
But looking at this video i think that if i hadn't informed the hypixel staff that this hacker could have done way more since back when i did it i had full system access to i believe almost all systems in their internal network.
Of course for everyone reading... I do not encourage anyone from actually hacking and stuff..
All i did was simple scans that anyone can do easily, only not everyone knows how to leverage those scans to see the full extend of all the vulnerabilities.
If you ever do these things, be responsible and inform the people who the systems belong to, and don't be a shithead and mess with their systems
this is an incredible video man, editing and info wise, loving it! you just gained a new sub
Genuinely informative and overall well made video! It's honestly surprising that Hypixel didn't have (an equivalent of) BungeeGuard for their servers. learning something new behind big servers haha
damn that was well made video insane man also i remember when servers were running 1.8 bungeecord so simple to get to the server bypass authme and grief them i remember i had friend who was very insane in this stuff we griefed one german server like it was fun got bored quickly since nobody was there well anyways keep posting more vids il watch them if its like hypixel history related ;D
If you ever get bored of Minecraft videos, please make white hat hacking/computer science explanation videos. I already knew most of the stuff here, but I was surprised at how well it was explained here. I'd love to have such videos back when I was studying this.
1:40 It's already 23.3k subs
It's wild that you kept my attention while describing how logins work
i love how you so effortlessly explained asymmetric encryption in 3 minutes better than my computer science teacher did in an hour
11:48 damn... all the evil hacker wanted was friends all along 😔
Hypixel having a max player count of 50k with an average of 30k people being on at any given time is really crazy to me. I started playing hypixel in 2015 and haven't been on since 2020. I was online when they hit the maximum connected players (555k at the time) record & sent out a server announcement through chat to thank everyone for playing. Very surprised that the new generation doesn't have much interest in playing multiplayer servers anymore.
Wow I remember the players with level 5,000+ and had no idea this is what took place. I’m pretty sure hypixel covered it up at the time, claiming they abused some bug
Very good vid, story telling and explaining. Enjoyed watching it through, keep it up!
this is how must stuff work when it comes to securyty that there exist a flaw until someone find that flaw and then that flaw is patch and thats how the securyty gets greater and greater
Bungeecord in this sense could be also called a load balancer. I guess reverse proxies are all load balancers if configured to do so.
Side note: great video, wasnt expecting such s low subscriber count with this quality.
Nah, you have load balancing on top, one BungeeCord instance isn't enought and also if that would fail it would be catastrophic
@@Timongcraft Exactly, there would be load balancing at DNS level (correct me if I'm wrong but I think multiple SRV records) which could point to a different bungeecord instance depending on 'priority' (I think) of the SRV records.
I never had to do this, this is based off general system administration knowledge.
Then each bungeecord instance works together to route the player across those mini servers.
@@DataDerp Ig and they probably either have Bungee in Bungee or some other proxy like HA Proxy too after that.
Great job explaining concepts of server scaning in simple terms!
Public Private Key encryption does not work backwards. The server just makes it own private key and sends clients the public key, so they both have each other's public key. ultimately meaning that when you encrypt something with the public key only the designated receiver(Whoever has the private key that matches the public key) can recieve it.
It does, in fact, work backwards. RSA is a trapdoor permutation, works both ways!Typically you would only sign and decrypt with the private key, though, since it's not very good encryption if anyone with your public key can decrypt!
The client never generates a keypair. The server never has the client's public key as: 1. the client doesn't have one and 2. it doesn't need it. The server's public key is used to encrypt the shared secret. The client generated the shared secret internally, so it doesn't need to receive any encrypted information. They then use that to talk with AES - symmetrical encryption. Read more about Minecraft's implementation here: wiki.vg/Protocol_Encryption
Some dude finds an exploit to hack the largest MC server in the world.
And yet I get banned for accidently using a harmless exploit that no one told me I shouldn't be able to do.
I think I'm still salty about it.
what u did
we have to know what dirrr you do
@@KastrujeDzieciNozyczkami So people were flying around in the skywars lobby, and after accidently hitting the space bar twice, I realized I could fly too. After about 5 minutes of flying, I was kicked for "blacklisted mods". I tried to appeal, but was denied, and now I can't appeal again. Literally no one will hear me out. This was back in 2014.
@@ceruleanshep XD thats funny and sad because its their fault
@@KastrujeDzieciNozyczkami After much prying, apparently flying in the lobby was only available for those who donated a certain amount to the server. But NO ONE TOLD ME OR STOPPED ME
Bro is so underrated. I learnt more from this than in computing class.
Amazing representation for ports, i've always explained it to my friends as doors to a house but this was a nice well made video for sure. subbed.
i actually love this editing style so fucking much
well, that's why port plus cidr scanning is so important
loved the video, really well explained.
"security is not a process, it's a state until you got pwned"
„it wont work with your friends server“ my ass who has a bungeecord server😂
Instructions unclear, accidentally hacked Minecraft and banned Moyang. -1/-10
Really well explained. I'm pretty familiar with pentesting and how that stuff works (I work with it and daily drive BlackArch and Qubes) and I love how you ELI5'd it so well so people can understand easily. That hacker was an absolute legend, found the backdoor and responsibly just said what it was so they could patch it, and didn't abuse it for his monetary gains. That's how we do it. Thanks for making this video, it was definitely a good watch. Definitely subscribed!
1:14 wow tysm for this free cats clip
Bro the way you explain things is crazy good
here before 25k! Great video bro!
Well, you've earned a sub! Made me a little more interested in hacks since my microsoft account just got hacked... good job on the explaination!
It actually used to be possible to steal someone's key just by having them join your fake server. Had some fun with that back in the day O7
Crazy good explanations / editing in PERFECT pace 😍✨💅😮💨
It’s not the first time that Bungeecoord is involved with security flaws on authentication, there were quite few similiar exploits in the past and yet seems nobody even in Hypixel learned their lesson
Nice informative video on internet security and technology! Well done.
That hacker totally deserved keeping the creative mind 🤣
2:57 = NERD ALERT
This is a really good video, i love the editing
As someone who started working with Minecraft servers almost a decade ago, it's hard to believe Hypixel dev team managed to make such a basic mistake. Using a firewall in this scenario is a bad practice - the backend servers shouldn't even be open to the WAN, and the traffic between them and the proxy server should only go through LAN. The verification key between proxy and backends is also a standard for years and over half the existing server networks use it.
Great video, very good explanation of ports ( towns ).
it's crazy how ONE MAN hacked hypixel man.. not an alien or a god, just one man. 👽
If minecraft hackers and war thunder classified documents leakers used their power in anything other than videogames the internet might shut off
I love the way you explained things in the video, I actually understood something for once
peak content, you're so underrated
Awesome video, love your explanations and editing :)
The port explanation was amazing!
my guy could destroy entire hypixel economy but decided to give freebies to himself and his friend
and then share with the admins how he did it.
What a chad
why can't teachers explain tokens that well?? you are the best teacher of those things!
really good vid and nice explanation. as a java dev myself i have a lot of experience in this and yeah i can say most of the things this guy said is true. There were too many ads tho...
There was a 50% chance clicking on the video that it was going to be about you 🤣
Very very Underrated Video, keep up the good work. Rn the video is at 52,288 view, and I wont be surprised if it hit 2-3 mill.
i remember doing this same exploit on some smaller servers, i didn't think hypixel would have ever had this issue considering how large they are.
me when million dollar company does "small" oopsie
taught me about asymmetric encryption better than my cybersecurity class 💀
You explained all concepts very well!
that's probably the best metaphor for what a proxy is, cheers
Small correction: Velocity is NOT a fork or Bungee cord, it's an entirely new reverse proxy from the ground up.
Really didn’t think I’d see Thomas on my fyp haven’t seen anything since tfm
As someone trying to get into cyber and tech these were great explanations of all the concepts involved I really loved the port scan metaphor in particular!
my cousin found an exploit to ban people from entering a chunk and hypixel hired him to use it before it was patched
plot twist: he asked nicely if he can have admin and hypixel gave him admin
Good vidéo ! Continue like this !
Hacked the subscribe button just for you. Interesting video, thanks for putting in all the effort to bring it to us!
the 2 week minecraft phase is real
I LOVE YOUR EXPLAINATION FOR AUTH TOKENS