Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Minecraft "Insecure Mode" Detection Script

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 20 Dec 2010 15:35:14 +0200
  Merry Christmas time!

This time I wrote a script for auditing security of Minecraft. The
Minecraft multiplayer server has an "insecure mode". When running in
this mode the server does not verify usernames against minecraft.net.
Running the server in insecure mode makes it possible to play the game
offline despite the authentication server being unreachable. As a
side-effect the game allows any player to enter the game with any
username, even ones registered to other users. See
http://notch.tumblr.com/post/942787216/minecraft-alpha-1-0-16-minecraft-server-0-1-1-and-a
for details. Minecraft multiplayer server admins can run the attached
minecraft-auth NSE script against their online servers to make sure
they are not running in the "insecure mode".

  merry hacking, --Toni

Attachment: minecraft-auth.nse
Description: 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: