the lore behind “#catgirlexploit”

Table of contents

prologue 0.1

me and my friend decided to play on an economy pvp server…

tps image

wtf?????? It shows the regions with highest mspt consumption (practically a server-wide farm detector)

Out of curiosity, I searched for the server jar. Turns out it’s a fork of folia

chapter 1: the tps exploit

“what if I automated this?”

v1 image

Oh shit we actually found a base

Now that we know this actually work, let’s improve it!

2nd scatter\

Second iteration, a scatter plot would benefit from these type of data…

plotly demo

Third iteration, you’ll see that I’ve also plotted onto plotly for zooming!

recency

Last iteration. I’ve added frecency plotting!

We went to different bases, took screenies and made montages with nettspend playing in the background with shit quality while we deconstruct the whole base to fuck around with the server members. These images and montages are lost in the passage of time.

interlude 2:

Out of laziness and sleep deprivation, I hard-coded my webhook url and couldn’t be bothered to use env vars… This will come back to bite me later as I then proceded to push to master KNOWING that it’s discoverable publicly (naive me didn’t think much of it at the time).

alt text

A scraper found my webhook url… Oops! I was asleep at the time so I didn’t notice anything. A few hours passes, and another group found my webhook, again.

alt text

Whoops… That hurts, but at least they didn’t ban me using the webhook exploit. After a brutal reality check, I did some damage control, and learned a lesson: Strangers aren’t ones to trust, neither am I. LOL

interlude 3: discord trolling

I went onto the discord server to troll for a bit, I didn’t take any screenshots at the time so this is the only surviving media I have.

alt text

I went by vitrescent at the time. There was no “vitrescent client,” a guy I raided wanted to “collect evidence” on a non-existing client I made up and reported it to the admin with the gif as “proof”. He messaged me on discord asking for the price, so I trolled him some more. Too bad I hid the DM and couldn’t for my life find it anymore, the server is also deleted now as I will explain in the epilogue.

mini chapter 3.5: social engineering

The server has a member-member/member-staff screenshare system. I forged a few images of someone logging out (dodging ss) and got them banned (LOL????), I lost these images too.

chapter 4: the skript dupe

Skript is a scripting language for minecraft. It has “humanly-readable” english syntax, although I find it really unconventional compared to proper programming languages; this isn’t really relevant though.

alt text

After fucking around for a while, my friend found a dupe in the crate system. We then duped thousands of spawner and dominated the economy, which further spread the non-existent “#catgirlexploit” even more.

epilogue 5

The tps method got patched. We lost interest in the server and there was internal conflict between the admins. The server got raided and rebraded as another server.

#catgirlexploit became an inside joke.

FIN.

FAQ!!! (questions I hope you will ask)

1. What did you use to capture the tps information?

I used minescript for capturing the chat message event, I filtered for the tps message and did some pretty hacky array splicing.