PoC tool showing how hackers can use brute force to break into your Minecraft servers through RCON.
The tool works like this:
- You set the IP address of your server, and if RCON listens on a port other than 25575, you can set the port manually.
- You set the path to the list of passwords (wordlist).
- After starting the tool, you have to wait a little while it tries every password in the list.
- If successful, you will receive a message that your server has been hacked by this method.
You will need Python (version 3.8+ preferred) and Git installed on your device.
Run these three commands:
git clone https://github.com/metah4cker/mcbrutal.git
cd mcbrutal
pip3 install -r requirements.txt
Installation completed!
usage: mcbrutal.py [-h] [-p PORT] [-w WORDLIST] host

positional arguments:
  host                  ip-address of server

options:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  rcon service port (default -> 25575)
  -w WORDLIST, --wordlist WORDLIST
                        path to the wordlist (file with passwords) (default -> passwords.txt)
Example:
python3 mcbrutal.py localhost -w rockyou.txt
First recommendation: don't use RCON. This technology is weak and can be compromised in a similar way (using brute force) or, for example, by sniffing the traffic with Wireshark (assuming RCON does not use TLS).
The second recommendation is to use SSH to access the server remotely. This gets rid of the problems with RCON and makes the same brute-force attack more difficult.
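A defender-side check to go with these recommendations, as an added example that is not part of mcbrutal: it audits a `server.properties` file for an enabled RCON listener and a password that a wordlist run would find. The sample wordlist, the 20-character minimum and the function names are assumptions; `enable-rcon`, `rcon.port` and `rcon.password` are the standard Minecraft server settings.

```python
# Added example (not part of mcbrutal): audit server.properties for RCON exposure.

# Constructed sample; in practice load the wordlist you expect an attacker to use.
SAMPLE_WORDLIST = {"123456", "password", "minecraft", "admin", "qwerty"}
MIN_LENGTH = 20  # assumption: local policy for a random secret


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_rcon(text, wordlist=SAMPLE_WORDLIST, min_length=MIN_LENGTH):
    """Return findings as strings; an empty list means RCON is disabled."""
    props = parse_properties(text)
    if props.get("enable-rcon", "false").lower() != "true":
        return []
    port = props.get("rcon.port", "25575")
    password = props.get("rcon.password", "")
    findings = [f"RCON enabled on port {port}: disable it, or firewall the port and use SSH"]
    if password.lower() in {w.lower() for w in wordlist}:
        findings.append("rcon.password appears in the wordlist")
    if len(password) < min_length:
        findings.append(f"rcon.password is shorter than {min_length} characters")
    return findings


if __name__ == "__main__":
    # Constructed server.properties content for the demo.
    sample = """\
# Minecraft server properties
enable-rcon=true
rcon.port=25575
rcon.password=minecraft
"""
    for finding in audit_rcon(sample):
        print("[!]", finding)
```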
Written specifically for the cybersecurity Telegram channel Meta Hacker. Subscribe and learn cybersecurity with us!