Nmap Development mailing list archives
Minecraft "Insecure Mode" Detection Script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 20 Dec 2010 15:35:14 +0200
Merry Christmas time! This time I wrote a script for auditing security of Minecraft. The Minecraft multiplayer server has an "insecure mode". When running in this mode the server does not verify usernames against minecraft.net. Running the server in insecure mode makes it possible to play the game offline despite the authentication server being unreachable. As a side-effect the game allows any player to enter the game with any username, even ones registered to other users. See http://notch.tumblr.com/post/942787216/minecraft-alpha-1-0-16-minecraft-server-0-1-1-and-a for details. Minecraft multiplayer server admins can run the attached minecraft-auth NSE script against their online servers to make sure they are not running in the "insecure mode". merry hacking, --Toni
Attachment:
minecraft-auth.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Minecraft "Insecure Mode" Detection Script Toni Ruottu (Dec 20)