Here Before 25k! (Pls pin lol)

Interestingly i once saw this as an opportunity to bypass the "login lobbies" of semi-premium servers but at the time (aroun 2018) i wasn't savy enough to know how to breach those defenses, this was a very good documentary...

As a server owner, and developer for MC Mods/Plugins you did an amazing job explaining all of the systems talked about in this video! Great video for those who want to learn about the basics of Bungeecord security & networking works as well! I also loved the small jab at Eclipse LMAO 11:28

I can't believe Hypixel made themselves vulnerable to the exploit that normally only occurs on all the 10yo kids first bungee networks.

so basically, every once in a while, a genius comes and somehow hacks Hypixel. they found out they asked about it sometimes they tell, sometimes they don't and at the end they fix all and ban / wipe / punish the hackers. crazy stuff but bro has brains

To be fair, its a good thing he disclosed said method which this guy could be considered a Grey hat hacker, since he didn't do it with permission, but seeing as he helped the admins and devs, well - he technically got away. I would prefer to use a White hat method, but obviously I would only use "burner" accounts (with permission) and tell the admins about such. This is part of cybersecurity, and can be known as other names, especially ethical hacking. Although some countries deem it as a grey area, it is what it is.

As someone with extensive experience in system administration and Spigot plugin development, I think that this was a nice explanation of the exploit. However, I have one correction to make: Velocity is NOT a fork of Bungeecord, but an independent project serving as an alternative to PaperMC's now discontinued "Waterfall" Bungeecord fork that aims for higher performance and security

WHY IS NOBODY TALKING ABOUT HOW ON THE MAP IN THE INTRO NZ IS JUST ROTATED UK 😭

How da hell im i subscribed I think you hacked me

1:51 "Your latest 2 week Minecraft phase?" He knows us good xD

8:28 A needle in a haystack in a field of haystacks.

Hypixel's lucky this wasn't a malicious hacker, in this guy's position I'd start Mass-Banning Hypixel moderators on the spot because I find their staff team corrupt as hell

Random comment but me and my friend are currently taking a Cyber Security class studying for the SC-900. Your explanation of the encryption system genuinely taught us better than our teacher. Hope to see more of this kind of content, maybe your explanations will help us pass the SC.

I came to watch how one guy hacked Hypixel but learned the whole computer science, wtf! Amazing video dude, immediately liked and subbed!

i LOVE how you explained this, its not even hard to understand with your visual examples

"i would NOT use eclipse" 😭😭

5:49 Ithlught that was gonna be a sponsorship lol

15:04 Being a government hacker on you're goverment's side is a job.

im impressed, never saw this channel and having "minecraft/hypixel" and "hacked" in a video title doesnt sound promising (theres too many fake "i griefed server XY" or "i hacked server XY" on this plattform). but im really surprised, this is a really informative video and im glad i stumbled over it. thanks for taking your time to educate us 👍

moyang

ah yes, hack the subscribe button The subscribe button: javascript:void(0)

15:03 hmm i guess I can start hacking now

amazing video- great balance of technical detail and accessibility to everyone. Keep up the great work!

insane quality and attention to detail from an underrated channel

first video i ever watched from you- i put this on for background noise and slight bit of entertainment as i ate a bowl of cereal, praying that you wouldnt be a super quiet content creator that my eating would drown out... just to find out that you are very much not quiet and do your own subtitles.. based as hell, im def coming back here again lmao

I've learned more Cybersecurity concepts in this video than my own college course back in the day. I love this video.

Not gonna lie, this was such a good documentary. I'm surprised you only have 18.4k subs since your content is peak. Keep it up bro, earned another sub!

I like the way you explained all of this. I work with servers, and IPs, ports, proxies, firewalls and backend servers are something I deal with on a daily basis, but took me a long time to understand when I started. Would have loved to have your video back then.

In just 2 hours There is already someone who archived it In Way back machine This video Is really Great.

You did a fantastic job at describing all the server security feature then some of my professors lol

"Cybersecurity professionals need to win every time, attackers need to win only once."

I learned more cybersecurity in this video then my actual class- IN 15 MINUTES.

The fact that you have to install a seperate plugin so the backend servers can validate the authenticity of the bungeecord server is insane. Like the whole authentication is handled by bungeecord. Applications like this should be secure by default.

Very well done explanations! Just finished a proxy system for my server, and I had to learn everything you explained so will by myself. If only I had these videos a week earlier!

as someone tryna get into cybersecurity and also love minecraft, this was the best video i have ever seen

As per US laws, this almost certainly wouldn’t constitute hacking, because the “hacker” in this case never entered any kind of password or secret, and didn’t abuse known a software bug to bypass such authentication. Misconfiguring a server and giving someone access because you didn’t properly authenticate them is, in fact, not a violation of the computer fraud and abuse act.

That's crazy. As someone who has been doing server development and some pentesting myself over at least a decade now, I'm surprised as to how easy of an exploit went unnoticed for so long. I've actually done this before as a test on some smaller servers I worked on as well. Crazy dude. Edit: The fact that they were still using Legacy Bungeecord as well is insane.. but, it makes sense seeing that the server itself is really old and has thousands of players that still play today.

I actually got into hypixel's servers the same way this hacker did a few years ago... Only i truly didn't have any malicious intentions and instead formally informed the hypixel staff. But looking at this video i think that if i hadn't informed the hypixel staff that this hacker could have done way more since back when i did it i had full system access to i believe almost all systems in their internal network. Of course for everyone reading... I do not encourage anyone from actually hacking and stuff.. All i did was simple scans that anyone can do easily, only not everyone knows how to leverage those scans to see the full extend of all the vulnerabilities. If you ever do these things, be responsible and inform the people who the systems belong to, and don't be a shithead and mess with their systems

this is an incredible video man, editing and info wise, loving it! you just gained a new sub

Genuinely informative and overall well made video! It's honestly surprising that Hypixel didn't have (an equivalent of) BungeeGuard for their servers. learning something new behind big servers haha

damn that was well made video insane man also i remember when servers were running 1.8 bungeecord so simple to get to the server bypass authme and grief them i remember i had friend who was very insane in this stuff we griefed one german server like it was fun got bored quickly since nobody was there well anyways keep posting more vids il watch them if its like hypixel history related ;D

If you ever get bored of Minecraft videos, please make white hat hacking/computer science explanation videos. I already knew most of the stuff here, but I was surprised at how well it was explained here. I'd love to have such videos back when I was studying this.

1:40 It's already 23.3k subs

It's wild that you kept my attention while describing how logins work

i love how you so effortlessly explained asymmetric encryption in 3 minutes better than my computer science teacher did in an hour

11:48 damn... all the evil hacker wanted was friends all along 😔

Hypixel having a max player count of 50k with an average of 30k people being on at any given time is really crazy to me. I started playing hypixel in 2015 and haven't been on since 2020. I was online when they hit the maximum connected players (555k at the time) record & sent out a server announcement through chat to thank everyone for playing. Very surprised that the new generation doesn't have much interest in playing multiplayer servers anymore.

Wow I remember the players with level 5,000+ and had no idea this is what took place. I’m pretty sure hypixel covered it up at the time, claiming they abused some bug

Very good vid, story telling and explaining. Enjoyed watching it through, keep it up!

this is how must stuff work when it comes to securyty that there exist a flaw until someone find that flaw and then that flaw is patch and thats how the securyty gets greater and greater

Bungeecord in this sense could be also called a load balancer. I guess reverse proxies are all load balancers if configured to do so. Side note: great video, wasnt expecting such s low subscriber count with this quality.

Great job explaining concepts of server scaning in simple terms!

Public Private Key encryption does not work backwards. The server just makes it own private key and sends clients the public key, so they both have each other's public key. ultimately meaning that when you encrypt something with the public key only the designated receiver(Whoever has the private key that matches the public key) can recieve it.

Some dude finds an exploit to hack the largest MC server in the world. And yet I get banned for accidently using a harmless exploit that no one told me I shouldn't be able to do. I think I'm still salty about it.

Bro is so underrated. I learnt more from this than in computing class.

Amazing representation for ports, i've always explained it to my friends as doors to a house but this was a nice well made video for sure. subbed.

i actually love this editing style so fucking much

well, that's why port plus cidr scanning is so important loved the video, really well explained.

"security is not a process, it's a state until you got pwned"

„it wont work with your friends server“ my ass who has a bungeecord server😂

Instructions unclear, accidentally hacked Minecraft and banned Moyang. -1/-10

Really well explained. I'm pretty familiar with pentesting and how that stuff works (I work with it and daily drive BlackArch and Qubes) and I love how you ELI5'd it so well so people can understand easily. That hacker was an absolute legend, found the backdoor and responsibly just said what it was so they could patch it, and didn't abuse it for his monetary gains. That's how we do it. Thanks for making this video, it was definitely a good watch. Definitely subscribed!

1:14 wow tysm for this free cats clip

Bro the way you explain things is crazy good

here before 25k! Great video bro!

Well, you've earned a sub! Made me a little more interested in hacks since my microsoft account just got hacked... good job on the explaination!

It actually used to be possible to steal someone's key just by having them join your fake server. Had some fun with that back in the day O7

Crazy good explanations / editing in PERFECT pace 😍✨💅😮‍💨

It’s not the first time that Bungeecoord is involved with security flaws on authentication, there were quite few similiar exploits in the past and yet seems nobody even in Hypixel learned their lesson

Nice informative video on internet security and technology! Well done.

That hacker totally deserved keeping the creative mind 🤣

2:57 = NERD ALERT

This is a really good video, i love the editing

As someone who started working with Minecraft servers almost a decade ago, it's hard to believe Hypixel dev team managed to make such a basic mistake. Using a firewall in this scenario is a bad practice - the backend servers shouldn't even be open to the WAN, and the traffic between them and the proxy server should only go through LAN. The verification key between proxy and backends is also a standard for years and over half the existing server networks use it.

Great video, very good explanation of ports ( towns ).

it's crazy how ONE MAN hacked hypixel man.. not an alien or a god, just one man. 👽

If minecraft hackers and war thunder classified documents leakers used their power in anything other than videogames the internet might shut off

I love the way you explained things in the video, I actually understood something for once

peak content, you're so underrated

Awesome video, love your explanations and editing :)

The port explanation was amazing!

my guy could destroy entire hypixel economy but decided to give freebies to himself and his friend and then share with the admins how he did it. What a chad

why can't teachers explain tokens that well?? you are the best teacher of those things!

really good vid and nice explanation. as a java dev myself i have a lot of experience in this and yeah i can say most of the things this guy said is true. There were too many ads tho...

There was a 50% chance clicking on the video that it was going to be about you 🤣

Very very Underrated Video, keep up the good work. Rn the video is at 52,288 view, and I wont be surprised if it hit 2-3 mill.

i remember doing this same exploit on some smaller servers, i didn't think hypixel would have ever had this issue considering how large they are.

me when million dollar company does "small" oopsie

taught me about asymmetric encryption better than my cybersecurity class 💀

You explained all concepts very well!

that's probably the best metaphor for what a proxy is, cheers

Small correction: Velocity is NOT a fork or Bungee cord, it's an entirely new reverse proxy from the ground up.

Really didn’t think I’d see Thomas on my fyp haven’t seen anything since tfm

As someone trying to get into cyber and tech these were great explanations of all the concepts involved I really loved the port scan metaphor in particular!

my cousin found an exploit to ban people from entering a chunk and hypixel hired him to use it before it was patched

plot twist: he asked nicely if he can have admin and hypixel gave him admin

Good vidéo ! Continue like this !

Hacked the subscribe button just for you. Interesting video, thanks for putting in all the effort to bring it to us!

the 2 week minecraft phase is real

I LOVE YOUR EXPLAINATION FOR AUTH TOKENS