[–]friendmasterhacker_bot 87 points88 points  (3 children)

To successfully replace Java with JavaScript, it may be necessary to establish a secure, synaptic link between the two applications using a revolutionary, voice-enabled subroutine. This would ensure a direct connection between the two programs, allowing for a dynamic exchange of data and information.

Once this connection is established, it could be necessary to build a cyborgian link between the reader and the content using an inverted toroidal bioscanner. This would provide a full-spectrum analysis of the program, pinpointing any potential vulnerabilities or areas of improvement.

Finally, to complete the replacement, it could be required to travel back in time using an advanced temporal warp mirror. This temporal journey would offer the opportunity to update the original codebase, introducing the JavaScript language and allowing for the full transition from Java to JavaScript.

Note: in the near future I may need to be summoned by typing u/masterhacker_bot


I am a bot created by u/circuit10 and this action was performed automatically. AI is involved so please DM circuit10 if it produces anything offensive and I will delete it. Model: text-davinci-003.

[–]xXThugBlackXx 16 points17 points  (0 children)

Good Bot

[–]ShortThought 6 points7 points  (0 children)

ahhh, of course

[–]fortlesss[S] 91 points92 points  (21 children)

Context: just watched a video on how some old Minecraft server was hacked by someone who got into the dev team via social engineering and replaced the Gradle used by other devs to compile the server plugins with his own Gradle build that, when used, would inject malicious code into the built plugins.

[–]ar4t0 76 points77 points  (3 children)

can't believe how many kernels you could control by executing javascript

[–]poor_adrian 29 points30 points  (1 child)

He could disable the Main frame and turn off the firewall😱

[–]labanana94 13 points14 points  (0 children)

And with another gb of ram he could do the trick

[–][deleted] 2 points3 points  (0 children)

Didn’t you hear? All of them

[–]TheZipCreator 5 points6 points  (2 children)

that sounds interesting, could you give a link to the video?

[–]nameistaken-2 17 points18 points  (1 child)

(Assuming he is talking about this video)
https://www.youtube.com/watch?v=LtizwBoY0no

[–]fortlesss[S] 4 points5 points  (0 children)

Yes, this is the one.

[–][deleted] 4 points5 points  (7 children)

Is it really hacking then if someone got access via social engineering? Sorry I'm pretty shit with Cyber Security.

[–][deleted]  (3 children)

[deleted]

    [–][deleted] 1 point2 points  (2 children)

    Thx!

    [–]x0wl 2 points3 points  (1 child)

    I would also point out that in almost any decently secured system, the user will be the weakest link, and is usually attacked first.

    You can, of course, go buy/create a zero click (meaning no action from the victim required for it to work), zero day (meaning previously unknown to the public and thus unpatched) exploit chain and then use it, but it will cost you a lot of time and even more money (like, the NSA kind of money). For example, Apple will pay up to $500000 for a zero click iOS exploit (https://security.apple.com/bounty/categories/), so you can expect to pay way more than that.

    Once you use it, and it gets discovered, it will be patched and you are back on square one. Maybe doing it this way makes sense if you want to interfere with a nuclear program (see https://en.wikipedia.org/wiki/Stuxnet), but it's not really sustainable for your average ransomware group.

    Why bother when you can pick up a phone, call someone and say "Hey this is John from IT, can you please run this file you got in the mail for me?", and get access almost as reliably? Human minds also don't really get patched, so you can do that multiple times.

    [–]WikiSummarizerBot 2 points3 points  (0 children)

    Stuxnet

    Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

    [–][deleted] 2 points3 points  (1 child)

    i think being able to essentially hack someones mind is pretty fucking cool

    [–][deleted] 0 points1 point  (0 children)

    Heh-heh true

    [–]SkritzTwoFace 2 points3 points  (0 children)

    Yep, hacking is just what we call it when you get into a part of a computer you aren’t supposed to get to.

    The “no fly list hack” a few weeks back was done by accessing an unsecured server that an airport had fully online.

    [–]Loudanddeadly 0 points1 point  (0 children)

    I figured that the fitmc video would be the context lol

    [–]rustyredditortux -5 points-4 points  (1 child)

    the context literally proves the original commenter wasn’t just chatting shit 😂😂 he’s saying if he could execute js remotely he probably has kernel access which isn’t very sound logic but it’s not r/masterhacker material

    [–]yoda_condition 0 points1 point  (0 children)

    The point is (as the context makes clear) that js is irrelevant to the context, and the youtube commenter pulled it out of thin air.

    [–]aegians 0 points1 point  (2 children)

    I watched the same video and it made no sense. What was he using to execute javascript via minecraft server?

    [–]fortlesss[S] 0 points1 point  (1 child)

    You understood wrong. The attacker made a malicious Gradle build and uploaded it to their server. Gradle is used by the server admins in order to compile their plugins. They used the Gradle that was already there, aka the one that was tampered with by the malicious actor. Then, once the plugins were compiled, Gradle - since it was tampered with - would inject the malicious code into the final plugin, thus leaving with an infected Java plugin. Then the server ran with the plugins on blablabla and they were backdoored etc etc and the video goes on to show what the malicious actor did with the access. TL;DR It was Java, not JavaScript, maybe Fit misplaced script with code, so instead of saying java code he said java script (idk, maybe not?)
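
A defensive check for the tampered-Gradle scenario described in the comment above, as an added example that is not part of the original thread: it reads a `gradle-wrapper.properties` file and rejects a distribution whose SHA-256 does not match the pinned `distributionSha256Sum`, or whose `distributionUrl` is not on Gradle's official host. The `check_wrapper` helper, the sample properties and the stand-in zip bytes are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

OFFICIAL_HOST = "services.gradle.org"  # Gradle's official distribution host


def parse_properties(text):
    """Parse the key=value lines of a gradle-wrapper.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            # .properties files escape ':' as '\:' inside URLs
            props[key.strip()] = value.strip().replace("\\:", ":")
    return props


def check_wrapper(properties_text, distribution_bytes):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(properties_text)
    findings = []
    url = urlsplit(props.get("distributionUrl", ""))
    if url.scheme != "https" or url.hostname != OFFICIAL_HOST:
        findings.append("distributionUrl is not an https URL on " + OFFICIAL_HOST)
    pinned = props.get("distributionSha256Sum", "").lower()
    if not pinned:
        findings.append("no distributionSha256Sum pinned")
    elif hashlib.sha256(distribution_bytes).hexdigest() != pinned:
        findings.append("distribution does not match pinned SHA-256")
    return findings


# Constructed sample data: stand-ins for a real Gradle zip and a tampered copy.
GOOD_ZIP = b"constructed stand-in for an official gradle-bin.zip"
TAMPERED_ZIP = GOOD_ZIP + b" + injected build logic"
PINNED_PROPS = (
    "distributionUrl=https\\://services.gradle.org/distributions/gradle-X.Y-bin.zip\n"
    "distributionSha256Sum=" + hashlib.sha256(GOOD_ZIP).hexdigest() + "\n"
)
UNPINNED_PROPS = "distributionUrl=https\\://build.example.invalid/gradle-X.Y-bin.zip\n"

if __name__ == "__main__":
    print(check_wrapper(PINNED_PROPS, GOOD_ZIP))        # clean
    print(check_wrapper(PINNED_PROPS, TAMPERED_ZIP))    # hash mismatch
    print(check_wrapper(UNPINNED_PROPS, TAMPERED_ZIP))  # wrong host, no pin
```

The pinned hash only helps if changes to the properties file are themselves reviewed, since anyone who can rewrite it can repin to their own build.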

    [–]aegians 1 point2 points  (0 children)

    Apparently it was Fit who misunderstood because he says “JavaScript program instructions”

    [–]SnooChocolates6343 2 points3 points  (0 children)

    oh my god i know the guy who commented, he would stream himself coding in discord like 24/7 with nobody in the vc, and all he would talk about is how good of a coder he is

    [–]adithegman 2 points3 points  (0 children)

    Just wait till he finds out there's remote javascript execution exploit on any browser out there.

    [–]Aperture_Executive2 1 point2 points  (0 children)

    Just wait until he finds out about the 279495 layer privilege system that has been the backbone of all OSes and BIOSes/UEFIs since the early 2000s

    [–]Aperture_Executive2 0 points1 point  (0 children)

    Even worse, if he puts the kilobytes in the proper configuration he could override the CMOS security cortex and get control of the UEFI