My friend just logged on a cracked minecraft server(not really the machine just a server which you log in and play on with others) that had no password plugin and told me "I hacked". Asked him how, he answered "He didn't have a plugin for passwords"
(For those that don't play minecraft, I know there are loads. There are premium servers which only allow people in if they have bought the game then there is cracked servers which people use a cracked client and choose any name and log in. But cracked server, well most have plugins that then make you do the command /register and /login but this server didn't have it.)
And this is not the first time this has happened, all of my friends just say hacking sometimes they might crack a password but call it hacking. I don't tell my friends that I can hack because I just don't want them to ask me "Come over to my house and setup kali linux" or can you hack my gf's account and stuff
So it's not cool when your friend refer the word hack or hacker to something like this.
It's the same thing as hate or I don't like (Evolution told me this)
So I said to evo that I hate the other channels except disney and some sport channals and he tells me why do you hate, has the channal done anything bad to you? Hate is when you want something or someone to suffer but not die and then there is I don't like which is used for that u don't like it and it's just nicer. And the word hate is used to much
Has this ever happened to u when your friend or someone says oh I hacked this, oh I'm a hacker by guessing the password.
I know we all make mistakes but I have been telling this friend for ages today he tells me this again and it's nothing bad but it's just kinda stupid.
I know, and there is no way really to stop this cause I believe everyone shows of with the word hack even tho they guess a password they tell you that I've hacked it and when u say how they say can't tell. Even I used to use the word hack
Not completely on-topic, but I can never help but giggle when I hear this term given that the servers can be downloaded for free (last I checked) and there's a flag in the server configuration file that disables user account verification with Mojang's servers (which is useful because those servers sometimes go offline).
I do hear this from time to time. I try not to let it bother me. As long as their egos don't get to their heads, I just smile and let those people feel like they've accomplished something.
Back in the day my bestfriend's older brother and his friends would have hacker wars. Just messing with eachother. 3 of them were in cyber security, 2 of them were just amateur enthusiasts. My favorite was when one of them made the default action in windows was to pause everything and play this video. http://www.youtube.com/watch?v=UYrkQL1bX4A. Move mouse more than a 3 pixels? bake a cake. left click? bake a cake. open reg edit? cake. open web browser? also cake. Move a file? cake? Change folder? cake. Always cake.
So, let me tell you my daily adventure (This actually has happened today).
My mates wanted to cheat on an online game a bit for some fun.
I won't tell which game it is, because it's so addictive and stupid I better not tell you, and no, it's not CoD, BF, CS, not even a FPS.
And one of them had bought a cheat, but due to limitations he could only use it on his own pc. If the server discovers the cheat was used on a different hardware ID, it would ban his login informations, and I was asked to make the cheat run on their PC, at the same time.
I began reading at the data going through the cheat on that guy's pc (with TeamViewer) and found out the request happened via HTML (php server).
And, awww, major cheat fail.
I redirected their hostname to 127.0.0.1 (thanks to the hosts file) and made a server on port 80 who emulated the html/php server, giving the same answers each and every time.
Guess what, it worked!
And now... How'd you call it?
Isn't it a hack, as in I edited the way it worked?
What course of action would you take if they were using public key encryption? E.g. it generates a random 64-bit number, encrypts it with the public key, sends it to the PHP script, the script uses the private key to decrypt it and sends back the unencrypted number.
@ SGH: Not bad, this is a 'crack' as in you cracked the programs security check I.E. it's ability to call home. But this is an accomplishment to feel proud of since you essentially out witted the developers. And no, I for one do NOT feel sorry for people who try to make money off of kids cheating at video games especially when they put that little effort into their security checks.
@ LB: Use Ollydbg or IDA Pro and open the binary up. Jump over the call home and set the check to always return 'success'. Alternatively use Wire Shark to catch the encrypted packet that indicates a successful ID check and basically emulate the server to send this every time like SGH already did. Also you could spoof the hardware IDs that the program tries the check in various ways depending on what hardware it is. Without seeing the code though, there is no way to know for sure which if any of these would work though.
EDIT: The second one would not work since you specified a random key. So I would open up telnet and start plinking at the server with random bits of garbage data to see if it defaults to any kind of un-encrypted format similar to how ESMTP is supposed to. Since you would have the random encryption key going out from your machine, the content of the un-encrypted packet, the response from the legitimate server and an unlimited sample size from the legit machine, I suppose you could try to implement it all on your fake server but that seems like it would be more work then the other ideas so lets call that plan 'D'.
@LB: At this point in time, it's too late.
Their cheat will not autoupdate as their server is redirected to mine, and mine is working flawlessly.
@Computergeek01: The flaw is, I could not touch their server.
They must not know the login informations, because Hardware ID's are being passed too, and the account could be banned.
Besides it's a flawful cheat and works in a really poor way.
I wonder why does people buy that.
Made my PC freeze all the times I tested it, for at least three entire minutes.
The login procedure worked well tho, but I wanted to see the results with my eyes.
And, uh, yeah, it felt good to feel superior to other developers.