Make sure to subscribe, and check out my patreon for exclusive content! www.patreon.com/TheMisterEpic

This is not just Minecraft's most powerful vulnerabilities, it is one of THE worlds most powerful vulnerability (CVSS of 9.8). A remote attacker can execute arbitrary code via the log4j component, and since it is an exploit in the logger, no one would be able to see if an atracker had gained entry.

The Log4j exploit (called Log4shell) was given a 10.0 severity rating on the CVE scale. The Log4J exploit ranked among the most severe vulnerabilities in software in the history of software. It sits on the throne alongside EternalBlue (which spawned Ransomware as we know it), Remote Code Execution in email servers for governments, and why the protocol FTP isn't even used anymore. It spawned a furious hellfire of system administrators patching their environments at a speed and urgency not even paced by Y2K.

Minecraft has more vulnerabilities than I have chromosomes

i love how the reddit post asking about the handshake exploit has a troll comment and a reply getting mad at them

It should be noted that server seeker going public makes cracked servers super vulnerable to forceop. When owners create these servers, they're unaware that anybody can join the server and log in with operator permissions

Using log4j to op yourself is up there with using a flamethrower to light a campfire.

Hello. I'm from PlanetMinecraft. Can I please become moderator on your KZbin channel to test some permissions?

I'm so glad the handshake exploit was finally explained, I was always curious about Minecraft change logs and that reddit thread never got anywhere.

grabbing some popcorn, anyone want some?

The Log4j vulnerability was actually FAR WORSE than just being a technique to gain an OP on a server. The vulnerability is dubbed Log4shell, and it is what it is. Being it that the library is widely used across the Internet in many popular Java apps and in many industry environments, the vulnerability that gives you an ability to remotely execute any arbitrary code (it is an RCE vulnerability), exploiting it is far more dangerous than just a silly Minecraft hack. Hackers were able to penetrate powerplants for example with this simple exploit. It's actually really scary that this vulnerability was found, and we still have no idea how much and how long it was exploited in the wild. Because the vulnerability was there for quite some time before it was discovered. It is patched now, but god knows how many machines were not only exposed with this vulnerability, but also actively exploited and penetrated. It's not just a silly Minecraft hack, that was a VERY serious deal.

8:52 quick correction: BungeeCord is a proxy/server software, not a standalone plugin.

I accidentally leaked my session id from a crash report for a sodium bug in 2023. So apparently Mojang didn’t fix the crash reports having the session ids.

I love how he is subscribed to Team Avo 6:06

i used to grief servers with the bungeecord exploit, me and a group of friends wrote a plugin that would act as the "hub" that would allow us to join the affected sub-server directly from the game with a command, change the name/ip that we were joining with, and a couple other things that i've forgotten now we were probably the first or second group of people to use it, fun times :)

That Gildfesh guy seems pretty cool

im surprised the 'i work for planetminecraft' line ever worked. no admin from another website ever deserves admin on ur server. its that simple.

A lot of new servers use velocity as bungecord is outdated and unsafe

Ah Scetch and Nodus. Was good times running around with him. That Session ID exploit was wild times.

2b2t players being traumatized by the string on the thumbnail

I wouldn’t be surprised if there is a new forceop method with the new components replacing nbt data in 1.20.5+.

back then, I believed someone was actually Notch on a server because they were able to appear as his account. Things were just different back then.

I'm the kinda guy to watch 17min videos before going to work in 5 minutes

your videos are always my go to night watch content

The biggest exploit is having KZbin rank on hypixel... ...talking about you, no lag back

The Handshake exploit brought back some memories. I remember seeing it posted and taking the risk of downloading it as people thought it was a login stealer. You could literally join any server with any username without any problem. Assumed it was more known.

8:18 this segment sounds like you spitting bars lmao

I feel like I’ve watched this before… I don’t know why, but I feel like I’ve watched this before

How are you making videos so fast!?! Love your videos ♥, its great that you've been getting much more active recently!!! I know I've already said this but , I like the vibe that your videos give me , high quality , nice and relaxing videos. Also , what do you use to edit your videos? 🤔

In 2013 I was the co-owner/admin for a server of a friend. There was another admin that had way too many permissions but I couldn't do anything about it because it was the owners decision, that admin fell for the planetminecraft scam. When I saw it happening in the console I deopped both the admin and the griefer and rolled everything back with coreprotect. Teached the admin a lesson through server broadcast lmao

The Sign ForceOP was actually stolen by the Wurst Client developer, he was not the one to discover it. A youtuber who i forgot the name of even made a video exposing the Wurst Client developer for blatantly copying his method, but i have never seen anybody talk about this or credit the original finder.

3:00 I remember writing that over 8 years ago

From experience from writing my own game, race conditions (talked about at 12:32) probably took away 2 months of debugging, they're a nightmare to debug.

ironicly the only one of these i have heard of was the log4j and the handshake I had no idea there is little info about it

i've made a couple of force ops for fun, the type that is a spawn egg that just summons and runs a armor stand that has /op {my_name} on it, ofc, it doesn't work if command blocks are off, but they're quite fun to make

“x views in y seconds bro fell off” 🤓🤓

I think we need more info on that last Java security vulnerability… it sounded wild and very interesting

I literally had the book method done to my server last year, great vid

FINALLY the op login to any acc released. I've been wondering how it was done

If you joined like hypixel with the handshake exploit, wuldnt you be invincible from the bans?

I remember learning to port forward at 12 years old just to use the nodus session stealer… good times man

I remember back on my brother's first attempt at running a server for his friends someone came in and destroyed the world with this exploit, Ender Dragons and Withers left and right. On his way out he turned on the whitelist as a parting gift and show my brother how to stop someone else from coming in to grief the world again.

This was posted 7 minutes ago, gonna watch it now

when its sunday and you remember you have to go to school tomorrow but misterepic uploads

cuz u found this you dont have to milk it out along 3 vids.

(on the oldest anarchy server in Minecraft....)

Let’s gooo, the mister epic upload ! 🐐

i think the most substantial exploits arent the ones limited to the game but the ones taht give you privelages on the server backend or user machines

Yet minecraft still want to stick to java...

I force opped once into a big minecraft event, i got perm banned but it was crazy

Yo what is the music you used in the timestamp 9:05 its so cool, i'd like to know the name of it. Please ??

I commented about this in the last video so thanks for mentioning it

Ive seen someones server get messed up by the bungee method because they didn't have the backends firewalled off. I had a good laugh from that.

iCHG and Avo era was amazing to see in real time

The history of ratting in Hypixel skyblock is insane

This guy needs to make a movie of minecraft news would be so good 😂

Force OPPA GANGNAM STYLE

At least use the full version of Space Valk 3 if all you're going to do is get B-roll of it. The incomplete version from years ago makes me sad : (

First plaied Minecraft somewhere near before beds where introduced, but not too long they where. I was like who should i suppose to fight all these monsters?

wait its been almost 3 years since log4j?? dam

wait i just watched this video earlier today why reupload

Felt like this was talked about before.

Perfect timing, bedtime 👍🏻

Btw that not all force ops , u forgot about aka - plugin called backdoor:)

Its a good day when a new duping video lands on the internet

This might give me nightmares, thanks

@TheMisterEpic Hm? I watched LifestealSMP some time before, and didn't spoke use the Handshake method to get OP on the server? Or was it just a similar glitch?

Man i remember using Session Stealer. I was shocked when it worked

day 1 of asking TheMisterEpic to oil up

I liked my own like

15 sec ago hello is anyone here? Just me? Ok (refreshes) never mind i guess

14:04 i would love a video about creative plot worlds and their history/what happened Its rare to find any of these servers today. i used to play alot in a brazilian server called SkyCraft, it was the most fun i had with multplayer

It feels like this is reupload

bro what is with the bg music, why is it so creepy when the video is abt some kids trynna be online gangsters

Minecraft has more vulnerabilities than I have braincells 💀

I was actualy friends with Diedae The owner of the server at 2:40 After that Grief he had a Mental breakdown and Changed his name and Stopped talking to all his original friends Because he thought that we got bought out by The griefers

Anarchy players abusing vulnerabilities that could pose as a national threat, so they can steal someone’s base coords:

No idea what this is but I'll watch you never the less :)

How do you make the enchantment glint look like that please I need it

9:37 how would I do this? Investigating this to fix my setup

Is this a reupload? I could have sworn that this video was already posted...

I swear, Minecraft is one of the most vulnerabile games in terms of its security

Not only was nodus the biggest hacked client of all time, it was so big it was synonymous with hacking

So how is your first youtube video a patreon exclusive?

Oh man i remember that icanhasgrief video like yesterday!

You have miniature testing ???

What’s good nice video .

hold up now, u sped thru that last lil bit there about the command u could type that would give u op and control of a persons computer. idk i think it was log4j ik its probably very limited info on that particular method n probably less you could actually speak of on here, but of all the methods u described in these videos that very last one was very obscure, ive never heard about that one in it peaked my interest because something with that level of control to exert would be very dangerous exploit indeed, not just for servers, alot of these hacks and exploits most pertain to in game control, but one like that, just imagine u know we got old people running our countries u know their grandkids play minecraft how long before some anarchy player gets into REAL trouble for getting into the wrong computer

isnt this a re-upload? i swear i've seen this video already

but is this stronger than "imfromplanetminecraft exploit" tho

I love the part where the mister epic force opped all over the place

The most recent force op exploit was fumbled by people who didn’t know the potential

I remember ForceOP, destroyed one of my favourite servers

One hour gang

wait is this is a re-upload??

"I'm from PlanetMinecraft" would convince people to op you? Wut. Why would a rando with a PlanetMinecraft account get opped? People wouldn't even have to lie about it if they just made an account first.

I will try that

0 hour gang?

14:59 hmmm that link looks familiar

On Minecraft Wii U it's basically the average day to get someone to force op themselves.