Version 3.0 / DarkReaper231 Additions

[erxson]

there are some new commands

[MajesticWaffle]

EDIT: this isn't true.

Some neat shit in here, but there was also a grabber that sends the author a discord message with all your system's specs and ip and shit. Stay safe out there ha ha.

[SolsticeSpectrum]

No it is just prefix grabber. I have legit usage for it. When I put backdoor on some server, I don't have to remember prefixes. That's why I also put random prefix generator there instead of having to type the prefix manually. I also removed the need for linking to usernames because it is kinda impossible that someone who isn't on that discord server will just guess the prefix. So no shady stuff here, don't worry. Anyone who wanna use the backdoor can freely replace the base64 encoded webhook url to his own in order to receive own prefixes.

[SolsticeSpectrum]

Btw I noticed that you messaged through the webhook and then your bot appeared.

[SolsticeSpectrum]

This is what that webhook looks like

That base64 is there mainly to prevent script kid owners from fucking around with my webhook

[MajesticWaffle]

Yeah fair enough, It was just a bit sketchy that it had a hard coded to your server, enjoy my ip though ha ha. I set it up so the gui now asks for a webhook. I think I'll also make the "authorized users" thing optional as well

[MajesticWaffle]

Also if you'd rather I didn't push your new shit into main that's fine as well.

[SolsticeSpectrum]

Yeah fair enough, It was just a bit sketchy that it had a hard coded to your server, enjoy my ip though ha ha. I set it up so the gui now asks for a webhook. I think I'll also make the "authorized users" thing optional as well

That actually sounds waaaay better. I'm honestly pretty much a beginner. Also if you can think of better way of securing the webhook in the jar, it would be cool. Base64 is easy to decode. It should be hardened so server owners can't just dig up the webhook and make a spammer that will make it unusable. I couldn't figure out a way to secure it myself.

[SolsticeSpectrum]

Also if you'd rather I didn't push your new shit into main that's fine as well.

I actually like it because you're better coder and changes you said you wanna make such as making authorized users optional and the input for webhook.

[MajesticWaffle]

Yeah i'd have to think about that, if anyone is smart enough to decompile their plugins, they'd definitely be able to know what to do with that.

[SolsticeSpectrum]

Yeah exactly

[SolsticeSpectrum]

Btw can you also put there so if some plugin puts dot behind the message, it will just remove the dot so it won't say Command execution failed?

[SolsticeSpectrum]

Also it should ignore case for first letter since some plugins also autofix your messages to start with case and end with dot

[SolsticeSpectrum]

Basically just ignore case at the beginning and remove dot in the end if some plugin chooses to put it there because it would break the command

[erxson]

This is what that webhook looks like

That base64 is there mainly to prevent script kid owners from fucking around with my webhook

I thought to add this feature to my fork, btw. Good job!

[MajesticWaffle]

Oh as in: #help --> #help.? It seems every day some chat plugin dev finds some new way to ruin everything

[SolsticeSpectrum]

Yes

[SolsticeSpectrum]

Also if you choose letter as prefix, it can get ruined if some plugin replaces it with upper case

[MajesticWaffle]

Yeah, maybe the best solution for that last one would be to ignore case when checking prefixes? Btw, I see that you blocked some plugins from being injected to, whats the deal with those? HostifyMonitor.jar FakaHedaMinequery.jar

[SolsticeSpectrum]

That was exactly problem with my fork. You see I generate different prefix for each injection because I rather use non spread and when they figure out one prefix and remove it, I still get another prefix in my webhook.

[SolsticeSpectrum]

Yeah, maybe the best solution for that last one would be to ignore case when checking prefixes? Btw, I see that you blocked some plugins from being injected to, whats the deal with those? HostifyMonitor.jar FakaHedaMinequery.jar

These are for czech hostings specifically

[MajesticWaffle]

Unfortunately, unless someone knows some way to completely bypass any chat plugins and get the raw message, there will always probably be some random way they find to break it. But I can definitely get around the period one.

[SolsticeSpectrum]

We have two main hostings that use checksums on plugins called FakaHedaMinequery and HostifyMonitor

[SolsticeSpectrum]

When they get injected, these plugins will trigger lockdown

[MajesticWaffle]

Interesting, I'll leave that in then

[SolsticeSpectrum]

Would be nice to also figure out if other hostings around the world do the same and include their plugin names too.

[MajesticWaffle]

Yeah, I guess if anyone else runs into that kind of thing, they'll just need to do an Issue or PR if they know how to do it.

[SolsticeSpectrum]

Unfortunately, unless someone knows some way to completely bypass any chat plugins and get the raw message, there will always probably be some random way they find to break it. But I can definitely get around the period one.

And can you also add ignoreCase to prefixes?

[SolsticeSpectrum]

Yeah, I guess if anyone else runs into that kind of thing, they'll just need to do an Issue or PR if they know how to do it.

Sounds good

[MajesticWaffle]

And can you also add ignoreCase to prefixes?

Yeah definitely

[SolsticeSpectrum]

I can't wait how the result with webhook input, authed user switch and these workarounds for some chat plugins will look like