Minecraft Blogs / Article

Server Owners BEWARE! Minecraft Force Op Book Exploit

Published Jun 19th, 2015, 6/19/15 10:54 am
  • 18,082 views, 8 today
  • 7
  • 5
  • 19
LiquidCastle's Avatar LiquidCastle
Level 30 : Artisan Button Pusher
4

Server Owners BEWARE! A new force operator exploit is present in hack clients!



'Hack clients', are getting more and more advanced, have recently released a new feature. Illegal client modification users can now create books that can make them Operator on your server! That's right, a writeable book that forces op. Not only can these be used to force op, but a player can make other players do unwanted commands as well, such as pay them economy money, or they can give the books to lower staff with a /ban command to ban a player that they do not like. This can be helpful for adventure map makers, but for server owners, it could be a tragic nightmare.

Basically, the hack client user is able to make a book use commands by having someone click inside of the book. There are currently two hack clients that support this, Wolfram and Wurst.

How does this work?

Wolfram:
  1. The hacker will go to GUI > Mod Menu Other > Enable Command book.
  2. They will then go into chat/command window: .cbook command (.cbook /op [minecraft username]).
  3. Then they will create a book and give it to an admin or owner.


Wurst:

  1. The hacker will craft a book and quill.

  2. They will then type some text into it. Usually a URL so that people will believe it is legitimate.
  3. They will then click Sign and give it a title.
  4. Once that is done, they will click Command Link and type in any command.
  5. They will click Done.
  6. After they are done with that they will give it to the admin or to whoever they want to trick.

Be careful with books, warn other players, share this article, etcetera.

Thanks for reading!

-David (SirNoob)
Tags

Create an account or sign in to comment.

2
01/04/2020 1:04 pm
Level 20 : Expert Spleefer
Nothsa
Nothsa's Avatar
Sadly, a guy came onto my anarchy server for 1.15.1 and gave me a book like this, I did not open it, because i found this post first. And i banned him for the reason, "I'm not a noob kid."
1
07/27/2019 2:27 pm
Level 38 : Artisan Imposter
kacybuggy
kacybuggy's Avatar
this was actually four years ago, but people on my realm atm are being bookbanned. how to solve this?
1
08/01/2019 1:17 am
Level 1 : New Miner
farpras
farpras's Avatar
I think the solution for realm is removing the book from the user inventory using NBTExplorer.
1
08/03/2019 8:47 pm
Level 38 : Artisan Imposter
kacybuggy
kacybuggy's Avatar
i dont know what nbtexplorer is, but i have fixed it. i just did /clear on them and they were unbanned. there were three victims.
1
03/04/2019 10:48 am
Level 1 : New Miner
max_malfoy
max_malfoy's Avatar
Clients aren't illegal, minecraft is an open source game that requires you to pay to play. It is perfectly legal to make sure to the game or download them. Other wise minecraft wouldn't make it so easy

Edit: the force op it's self is illegal and could earn you prison time. It is effectively a trogan horse that infiltrates the server pretending to be something else, often a link
1
06/27/2017 7:47 am
Level 4 : Apprentice Network
Brenton
Brenton's Avatar
Unfortunately I just had this happen to me. A player came onto my server and was acting awfully strange. He went to our events/creative world where he pulled out various blocks, which include but were not limited to command blocks. He then threw a book down on the ground saying that it was an original by Notch. I wasn't aware that things like this were even possible so I opened it out of curiosity.

Fortunately I was the only other person online and I was smart enough to thwart his attempts at banning me and taking control of the server. After the server shut down and some quick coding, I was able to get him removed and banned.

I run Spigot 1.11.2 - Are there any fixes for this yet?
1
11/08/2016 8:21 am
Level 1 : New Network
SinScape
SinScape's Avatar
Thanks for posting this!
The Spigot developers have recently fixed this bug. It's reccomended you use Spigot instead of Bukkit if you want to be safe. If you still prefer Bukkit, click here for the Spigot exploit fix.
1
03/26/2016 6:58 am
Level 1 : New Miner
Itzrowrow52_
Itzrowrow52_'s Avatar
bookcrasher gave me a illegal book what should I do?
1
07/28/2015 4:03 pm
Level 2 : Apprentice Explorer
TopMatthew1
TopMatthew1's Avatar
People are indeed getting more ignorant of hacked clients. Of course this works as of 1.8.7, the people saying it does not are referring to hack known as sign crash and sign op, which allowed a user to right click the sign they placed to op themselves. Just so you know, you would be very surprised at the number of server admins who hack. My co-owner hacks, but it is a building client to instantly create walls in different parameters, cylinders, and various structures to make arenas and such.
1
07/28/2015 4:43 pm
Level 57 : Grandmaster Cyborg
Pepijn
Pepijn's Avatar
They aren't "hacked clients". They're modifications to your client, just like mods.
We're talking about certain exploits these modded clients are currently using and these exploits have mostly been fixed in 1.8.7/1.8.8
view more replies ( 3 )
Planet Minecraft

Website

© 2010 - 2024
www.planetminecraft.com

Welcome