Posted (edited)

Hi Forge contributors and users,

I was running a public modded server using Forge 14.23.5.2860 on Minecraft 1.12.2 (Enigmatica 2 Expert 1.90e) when a malicious user gained control of the server and executed code remotely on every connected client's device. I have live video evidence of this occurring and the hacker/developer of the exploit claiming that it is an unknown zero-day exploit. I believe the developer in question is the one who created the exploit. Sadly, the remote code executed on client PCs was used to steal browser sessions and info as well as active Discord and Steam sessions.

I'm sure many of you are aware of the log4shell exploit from 2021 that Forge was protected against. I don't believe this exploit was log4shell, but its behavior is nearly identical, and thus I believe the severity is very high. Unfortunately, I am unable to recreate or understand the exploit in any way at this point, and the developer is not being forthcoming in how it is performed either (I think he intends to sell it for a profit). I'm mostly certain that this exploit affects Forge specifically, and most likely only Minecraft version 1.12.2.

I am providing a YouTube link to the unedited VOD from the livestream when the attack occurred (chat is blurred at some points to protect private information that was leaked). In the description of the video there is also a link to a .zip archive that contains relevant client and server log files from the session. Hopefully these are of some help, but from what I've looked at I couldn't find much at all pertaining to how the exploit was performed. I'm hoping that with all of this information someone more knowledgeable than me with Forge will be able to figure out more details on the exploit.

Link to VOD (relevant timestamps are included in the YouTube description on the video):

 

Edited by Yoyoyopo5
  • 2 weeks later...
Posted

The concept is a known exploit that has been around for several years. It is not something that is caused by anything on our or Minecraft's end.
It is unfortunately a risk when using mods in Minecraft. They are arbitrary jars which can have any code in them. This is one of the reasons we push people to use the latest versions.
This particular case was fixed in BdLib for 1.16+ and the author has no intention of backporting.

I do Forge for free, however the servers to run it aren't free, so anything is appreciated.
Consider supporting the team on Patreon
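An added example, not part of the thread and not Forge or BdLib code: a mods-folder inventory check that reads each jar's `mcmod.info` and flags BdLib builds declared for Minecraft versions below 1.16, the line the reply above says received the fix. The modid `bdlib`, the reliance on `mcmod.info` metadata, the status labels and the sample jars are assumptions constructed for this sketch.

```python
import io
import json
import zipfile
from pathlib import Path

FIXED_FROM = (1, 16)     # per the reply: fixed in BdLib for 1.16+
TARGET_MODID = "bdlib"   # assumption: the modid BdLib declares in mcmod.info

def mc_version_tuple(text):
    """'1.12.2' -> (1, 12, 2); None when the field is not a plain dotted version."""
    try:
        return tuple(int(part) for part in str(text).split("."))
    except ValueError:
        return None

def read_mod_entries(jar):
    """Return mod entries declared in a jar's mcmod.info ([] if absent or unreadable)."""
    try:
        with zipfile.ZipFile(jar) as zf:
            raw = zf.read("mcmod.info").decode("utf-8", "replace")
        data = json.loads(raw, strict=False)  # tolerate raw newlines in descriptions
    except (KeyError, ValueError, zipfile.BadZipFile):
        return []
    if isinstance(data, dict):                # wrapped layout with a "modList" key
        data = data.get("modList")
    return [e for e in data if isinstance(e, dict)] if isinstance(data, list) else []

def audit_jar(jar, name):
    """Return one finding per BdLib entry, classified by the declared Minecraft version."""
    findings = []
    for entry in read_mod_entries(jar):
        if str(entry.get("modid", "")).lower() != TARGET_MODID:
            continue
        mcver = mc_version_tuple(entry.get("mcversion"))
        status = "unknown" if mcver is None else "fixed-line" if mcver[:2] >= FIXED_FROM else "unfixed-line"
        findings.append({"jar": name, "version": entry.get("version"), "status": status})
    return findings

def audit_mods_dir(mods_dir):
    """Audit every *.jar directly inside a mods directory."""
    return [f for p in sorted(Path(mods_dir).glob("*.jar")) for f in audit_jar(p, p.name)]

def make_sample_jar(modid, version, mcversion):
    """Build a constructed in-memory jar holding only an mcmod.info file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mcmod.info", json.dumps([{"modid": modid, "version": version, "mcversion": mcversion}]))
    buf.seek(0)
    return buf
```

A status of `unknown` means the jar did not declare a parseable `mcversion` and needs a manual look; a jar with no `mcmod.info` at all is not reported by this check.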
