Make sure to subscribe, and check out my patreon for exclusive content! www.patreon.com/TheMisterEpic

@mineabdo2515

Ай бұрын

Can you talk about pojav lancher in mobile 📱 and its java edition and if you buyed the game you can play in hypixel and for mods you need to put them in tge mods folder and you can download directly forge or fabric in any version

@DRPURGE-nh1oh

Ай бұрын

Amazing video man ❤ thank you for taking the time outa your day to make this for us you don't get enough credit

@DRPURGE-nh1oh

Ай бұрын

Also take a break you need it dude

@ultraalex20

Ай бұрын

@TheMisterEpic

@Ofuka880

Ай бұрын

do you know authmebridge exploit?

Minecraft has more vulnerabilities than I have chromosomes

@LandrewLeng

Ай бұрын

bro 💀

@TheMisterEpic

Ай бұрын

Lol

@erubus5231

Ай бұрын

more than one?

@Nightcaat

Ай бұрын

7

@duckny8316

Ай бұрын

Lol​@@TheMisterEpic

This is not just Minecraft's most powerful vulnerabilities, it is one of THE worlds most powerful vulnerability (CVSS of 9.8). A remote attacker can execute arbitrary code via the log4j component, and since it is an exploit in the logger, no one would be able to see if an atracker had gained entry.

@maritoguionyo

Ай бұрын

not a direct Minecraft exploit

The Log4j exploit (called Log4shell) was given a 10.0 severity rating on the CVE scale. The Log4J exploit ranked among the most severe vulnerabilities in software in the history of software. It sits on the throne alongside EternalBlue (which spawned Ransomware as we know it), Remote Code Execution in email servers for governments, and why the protocol FTP isn't even used anymore. It spawned a furious hellfire of system administrators patching their environments at a speed and urgency not even paced by Y2K.

@CZghost

Ай бұрын

Yeah, it was pretty much the most severe vulnerability, and that was given the sheer scale of the library. Scale of the library isn't defined just by its program size, but also the usage. And it was EVERYWHERE. This vulnerability quite literally affected the whole Internet. That's why there was such a big fuss about it.

@vitulus_

Ай бұрын

I remember hearing that later versions of Java aren't susceptible to the RCE part of the exploit.

@unknownname3703

Ай бұрын

and itsonly the XZ backdoor that is the other 10.0 CVE i know of. log4j was crazy

@unknownname3703

Ай бұрын

and itsonly the XZ backdoor that is the other 10.0 CVE i know of. log4j was crazy

@jamesr736

Ай бұрын

Wait, we don't use FTP anymore?

i love how the reddit post asking about the handshake exploit has a troll comment and a reply getting mad at them

It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions

@Theunicorn2012

Ай бұрын

It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions

@xelabrat2

Ай бұрын

@@Theunicorn2012 It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions

@apoloqy954

Ай бұрын

It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions

@xelabrat2

Ай бұрын

@@BloodravenRivers way to break the comment chain loser

@sethviets5120

Ай бұрын

​​@@BloodravenRiversIt should be noted that the people here were doing something called a chain, and you just broke that said chain.

Using log4j to op yourself is up there with using a flamethrower to light a campfire.

@_WarrantyVoid

Ай бұрын

More like on the tier of using the Tsar bomba to light a match. With Log4Shell one can directly take over the user account the Java application runs on, if that account has admin / root priviliges or there is a viable privilige escalation exploit available then the computer is basically fucked, especially if stuff like bios level advanced persistent threat is used (if the computer is not a VM that is). If the computer has credentials then even more can be compromised. Automate that process and you got a self-replicating botnet. Remote Code Execution exploits are no joke.

@DenLedeTomat

Ай бұрын

I can't believe that they used that fkin enormous power to gain only the coords and tokens oof

I'm so glad the handshake exploit was finally explained, I was always curious about Minecraft change logs and that reddit thread never got anywhere.

That Gildfesh guy seems pretty cool

@WFly101

Ай бұрын

Godflesh is good band

@tutwastaken69

Ай бұрын

hmmm

I love how he is subscribed to Team Avo 6:06

I'm the kinda guy to watch 17min videos before going to work in 5 minutes

8:52 quick correction: BungeeCord is a proxy/server software, not a standalone plugin.

@flipflops99

Ай бұрын

blud really said "erm actually... 🤓☝"

@WFly101

Ай бұрын

​@@flipflops99blud really said "I'm 12 and project my insecurities online"

@flooploops4589

Ай бұрын

UHGMMMM ACHUTTTTTTLLLYYYY 🤓🤓🤓🤓

@azuree.nekowo

Ай бұрын

@@flooploops4589 honestly I'm laughing at how insecure and immature you are.

@tbrickman

Ай бұрын

Eeerm ACKtuallY ☝🏻🤓

A lot of new servers use velocity as bungecord is outdated and unsafe

@Slendercze0

Ай бұрын

Wait til bungeeguard/velocity modern forwarding bypass 😂😂😂 (its impossible without brute force)

I accidentally leaked my session id from a crash report for a sodium bug in 2023. So apparently Mojang didn’t fix the crash reports having the session ids.

@felixbemme7257

Ай бұрын

Sharing sensible files with outside people isnt something they need to fix. Just dont share files like that with randoms

@Theunicorn2012

Ай бұрын

I accidentally leaked my session id from a crash report for a sodium bug in 2024. So apparently Mojang didn’t fix the crash reports having the session ids.

@felixbemme7257

Ай бұрын

@@Theunicorn2012 Because thats not an mistake. Crash reports are supposed to have this kind of data. You are just not supposed to share files and logs without checking what they do/contain with randoms on the web.

@roughlyunderscore

Ай бұрын

Don't the session IDs expire when you exit the client?

@Bluebird_YT

Ай бұрын

@@roughlyunderscore they expire after 2 weeks

I wouldn’t be surprised if there is a new forceop method with the new components replacing nbt data in 1.20.5+.

@lisiasty688

Ай бұрын

There is always at least one exploit but not discovered yet. Sometimes it takes a lot of time and some programs or Minecraft versions are just not worth it. I mean you can find something in 1.2.5 but I wouldn't be worth it if that's only that version because something was removed for example... Creating non-vulnerable data is almost impossible to do task

@Bluebird_YT

Ай бұрын

@@lisiasty688 I mean the new snapshots for 1.20.5 and 1.21 not the old version 1.2.5

i used to grief servers with the bungeecord exploit, me and a group of friends wrote a plugin that would act as the "hub" that would allow us to join the affected sub-server directly from the game with a command, change the name/ip that we were joining with, and a couple other things that i've forgotten now we were probably the first or second group of people to use it, fun times :)

Ah Scetch and Nodus. Was good times running around with him. That Session ID exploit was wild times.

@Theunicorn2012

Ай бұрын

Ah Scetch and Nodus. Was good times running around with him. That Session ID exploit was wild times.

@RoyD_S

Ай бұрын

@@Theunicorn2012 bad bot

grabbing some popcorn, anyone want some?

@Nightcaat

Ай бұрын

I’ll take some 🍿

@ReimBuch

Ай бұрын

Sure, some tasty popcorn would be nice rn

@DonutMT

Ай бұрын

@@ReimBuch here ya go!

@WFly101

Ай бұрын

blackwater park is the new minecraft hacked client featuring guest member steve von from Asperger's co. It's very shï sàh lō

@TCMCGMB

Ай бұрын

thx for reminding me

The Log4j vulnerability was actually FAR WORSE than just being a technique to gain an OP on a server. The vulnerability is dubbed Log4shell, and it is what it is. Being it that the library is widely used across the Internet in many popular Java apps and in many industry environments, the vulnerability that gives you an ability to remotely execute any arbitrary code (it is an RCE vulnerability), exploiting it is far more dangerous than just a silly Minecraft hack. Hackers were able to penetrate powerplants for example with this simple exploit. It's actually really scary that this vulnerability was found, and we still have no idea how much and how long it was exploited in the wild. Because the vulnerability was there for quite some time before it was discovered. It is patched now, but god knows how many machines were not only exposed with this vulnerability, but also actively exploited and penetrated. It's not just a silly Minecraft hack, that was a VERY serious deal.

im surprised the 'i work for planetminecraft' line ever worked. no admin from another website ever deserves admin on ur server. its that simple.

@Alex-qj9yu

Ай бұрын

It’s why people are the weakest link in security

@LimitlessJayson

Ай бұрын

but considering none of us were cybersecurity nerds all they were thinking is.. "maybe if i give him op he will recommend my server more!!"

@Ninjalette666

Ай бұрын

@@LimitlessJayson you dont need to be a cybersecurity nerd to understand that you dont give operator status to a random.... do u hand your password over to anyone that asks for it? braincells people.... use them?

@Ninjalette666

Ай бұрын

@@LimitlessJayson also no one is going to recommend servers for you, that costs money and its something people dont realise. you either struggle up the normie voting lists or your server gets spread by word of mouth or reddit or planetminecraft. there is no easy quick way to get your server to 'make it'

@LimitlessJayson

Ай бұрын

@@Ninjalette666 this was 10 years ago that this stuff happened why are you speaking to me like I'm retarded

your videos are always my go to night watch content

2b2t players being traumatized by the string on the thumbnail

@Stormie21

Ай бұрын

Why

@nikolaideianov5092

Ай бұрын

​@@Stormie21i think is goddamn log4j

@Stormie21

Ай бұрын

@@nikolaideianov5092 oh

How are you making videos so fast!?! Love your videos ♥, its great that you've been getting much more active recently!!! I know I've already said this but , I like the vibe that your videos give me , high quality , nice and relaxing videos. Also , what do you use to edit your videos? 🤔

The biggest exploit is having KZread rank on hypixel... ...talking about you, no lag back

@unnamed7430

Ай бұрын

esp the second one, you can just climb up walls to escape from mobs and other players.

@WFly101

Ай бұрын

Bagels are kinda hard

@CitriTea

Ай бұрын

mods can't even ban you for this overpowered exploit smh

@youboring

Ай бұрын

lf yt rank no wd routes

back then, I believed someone was actually Notch on a server because they were able to appear as his account. Things were just different back then.

@theschnozzler

Ай бұрын

Did he drop an apple when killed?

@rubiitoxic

Ай бұрын

​@@theschnozzler probably

@ThePaperKhan

Ай бұрын

Maybe he was Notch.

I literally had the book method done to my server last year, great vid

I feel like I’ve watched this before… I don’t know why, but I feel like I’ve watched this before

@JustYourLocalfnaffan198

Ай бұрын

Same lol.

@WFly101

Ай бұрын

J cole comes out as a trans billy eilish

@WFly101

Ай бұрын

Lōl

@MD-df7if

Ай бұрын

Removed?

@WFly101

Ай бұрын

​@@MD-df7ifno it was bungee corded into outer millenials are soacey hahaha Tool reference

Let’s gooo, the mister epic upload ! 🐐

The Handshake exploit brought back some memories. I remember seeing it posted and taking the risk of downloading it as people thought it was a login stealer. You could literally join any server with any username without any problem. Assumed it was more known.

Hello. I'm from PlanetMinecraft. Can I please become moderator on your KZread channel to test some permissions?

@ItsEka-929jfm

Ай бұрын

Obv

8:18 this segment sounds like you spitting bars lmao

I commented about this in the last video so thanks for mentioning it

when its sunday and you remember you have to go to school tomorrow but misterepic uploads

i've made a couple of force ops for fun, the type that is a spawn egg that just summons and runs a armor stand that has /op {my_name} on it, ofc, it doesn't work if command blocks are off, but they're quite fun to make

FINALLY the op login to any acc released. I've been wondering how it was done

In 2013 I was the co-owner/admin for a server of a friend. There was another admin that had way too many permissions but I couldn't do anything about it because it was the owners decision, that admin fell for the planetminecraft scam. When I saw it happening in the console I deopped both the admin and the griefer and rolled everything back with coreprotect. Teached the admin a lesson through server broadcast lmao

This was posted 7 minutes ago, gonna watch it now

@railworksamerica

Ай бұрын

7 days ago now

From experience from writing my own game, race conditions (talked about at 12:32) probably took away 2 months of debugging, they're a nightmare to debug.

I think we need more info on that last Java security vulnerability… it sounded wild and very interesting

@Gildfesh

Ай бұрын

There is actually a lot of information online if you look up "Log4Shell", a lot of videos covering it even use Minecraft as the example. I really suggest looking it up if you are even slightly interested because it was insane. Simply put, the tool that Minecraft uses to log things (such as crash reports) had a vulnerability in it which would allow someone to run any code they wanted if they could get a specific string of text into the logs of an affected program. Minecraft makes it easy to do this just by sending a chat message which meant that you could run any code you wanted on the computer of any connected player or even the server itself. The exploit being in the most commonly used logging library meant lots of websites, servers and random programs were vulnerable to the exploit, it just happened that Minecraft was one of the things impacted.

@gem3763

Ай бұрын

You can find plenty of info about it online, as it was a huge security issue and had lots of real-world ramifications

ironicly the only one of these i have heard of was the log4j and the handshake I had no idea there is little info about it

Yo what is the music you used in the timestamp 9:05 its so cool, i'd like to know the name of it. Please ??

@TheMisterEpic Hm? I watched LifestealSMP some time before, and didn't spoke use the Handshake method to get OP on the server? Or was it just a similar glitch?

Its a good day when a new duping video lands on the internet

cuz u found this you dont have to milk it out along 3 vids.

@anotheryoutubeaccount5259

Ай бұрын

TheMisterMilkMan

Perfect timing, bedtime 👍🏻

I force opped once into a big minecraft event, i got perm banned but it was crazy

This guy needs to make a movie of minecraft news would be so good 😂

I remember back on my brother's first attempt at running a server for his friends someone came in and destroyed the world with this exploit, Ender Dragons and Withers left and right. On his way out he turned on the whitelist as a parting gift and show my brother how to stop someone else from coming in to grief the world again.

Ive seen someones server get messed up by the bungee method because they didn't have the backends firewalled off. I had a good laugh from that.

(on the oldest anarchy server in Minecraft....)

@WFly101

Ай бұрын

Just call my name

@WFly101

Ай бұрын

Ωμ×∞∆››

If you joined like hypixel with the handshake exploit, wuldnt you be invincible from the bans?

i think the most substantial exploits arent the ones limited to the game but the ones taht give you privelages on the server backend or user machines

This might give me nightmares, thanks

Man i remember using Session Stealer. I was shocked when it worked

14:04 i would love a video about creative plot worlds and their history/what happened Its rare to find any of these servers today. i used to play alot in a brazilian server called SkyCraft, it was the most fun i had with multplayer

The history of ratting in Hypixel skyblock is insane

3:00 I remember writing that over 8 years ago

@susimogus

Ай бұрын

LOL

Cool video!

day 1 of asking TheMisterEpic to oil up

First plaied Minecraft somewhere near before beds where introduced, but not too long they where. I was like who should i suppose to fight all these monsters?

Anarchy players abusing vulnerabilities that could pose as a national threat, so they can steal someone’s base coords:

Oh man i remember that icanhasgrief video like yesterday!

21 minutes early lets go and the video is edited nice

Felt like this was talked about before.

Force OPPA GANGNAM STYLE

What’s good nice video .

No idea what this is but I'll watch you never the less :)

On Minecraft Wii U it's basically the average day to get someone to force op themselves.

I was already wondering when a video about the log4j exploit would be released.

I remember using something similar to this back in the day 😅

Yet minecraft still want to stick to java...

So how is your first youtube video a patreon exclusive?

How do you make the enchantment glint look like that please I need it

Minecraft has more vulnerabilities than I have braincells 💀

@inconsistenttutorialuploader

Ай бұрын

stolen

hold up now, u sped thru that last lil bit there about the command u could type that would give u op and control of a persons computer. idk i think it was log4j ik its probably very limited info on that particular method n probably less you could actually speak of on here, but of all the methods u described in these videos that very last one was very obscure, ive never heard about that one in it peaked my interest because something with that level of control to exert would be very dangerous exploit indeed, not just for servers, alot of these hacks and exploits most pertain to in game control, but one like that, just imagine u know we got old people running our countries u know their grandkids play minecraft how long before some anarchy player gets into REAL trouble for getting into the wrong computer

wait i just watched this video earlier today why reupload

Btw that not all force ops , u forgot about aka - plugin called backdoor:)

I liked my own like

@WFly101

Ай бұрын

I commented on your own comment

@thechef7633

Ай бұрын

@@WFly101 i liked your comment on my own comment

@WFly101

Ай бұрын

​@@thechef7633 I ate your dumpster

@nikolaideianov5092

Ай бұрын

2649

yummy video sad there was no quesadillas

9:37 how would I do this? Investigating this to fix my setup

The Sign ForceOP was actually stolen by the Wurst Client developer, he was not the one to discover it. A youtuber who i forgot the name of even made a video exposing the Wurst Client developer for blatantly copying his method, but i have never seen anybody talk about this or credit the original finder.

i remember doing the book forceop it was fun sadly i got banned shortly after then every admin know about it they were just playing around and yep got ban :D it was still fun

The most recent force op exploit was fumbled by people who didn’t know the potential

You have miniature testing ???

Is this a reupload? I could have sworn that this video was already posted...

the mister epic videos

15 sec ago hello is anyone here? Just me? Ok (refreshes) never mind i guess

good vids

Hi mister epic

nice dota ost

wait is this is a re-upload??

I love the part where the mister epic force opped all over the place

At least use the full version of Space Valk 3 if all you're going to do is get B-roll of it. The incomplete version from years ago makes me sad : (

@LowSkillMac

Ай бұрын

Space valk 3 is so hard to fully load

@Jacktherippa84

Ай бұрын

@@LowSkillMac He can clearly do it, and you can fully load stuff easily and render it silky smooth if you use replay mod.

Those are truly game breaking

I was actualy friends with Diedae The owner of the server at 2:40 After that Grief he had a Mental breakdown and Changed his name and Stopped talking to all his original friends Because he thought that we got bought out by The griefers

cool vid

14:59 hmmm that link looks familiar

Damn, i used the sign exploit once aages ago

Waiting for the day my old name shows up in one of these videos

Can u say hi? I love ur videos