-
My setup is simple, one computer running Slackware, xbox 360(Latest Updates) & a D-link router. So no firewalls in my lan, only the D-link.
If you do a nmap scan of the 360, tcp port 1026 is open. The other udp & tcp ports are in a state of filtered. There's three things I'd like to point out.
1) Port 1026 is open. Does anyone have any idea, what service is running. My best guess would be something to do with xbox live. Maybe the messenger service, as you would need that service open to receive emails.
2) All other udp & tcp ports are filtered. Most of the time if you scan a host the ports are either open or closed. Being filtered tells me something is blocking my probes. Like a firewall. I'm guessing the xbox 360 has a firewall, what do you think. Just say for a minute it does, we know it blocks incoming traffic. What about outgoing? If we do exploit the xbox somehow, a firewall will make it harder to open a ftp/telnet server. If it filters outgoing traffic.
3) If you type http://ipaddressofxbox360here:1026/ into a web browser, it'll download a file called index.html(http server?). I edited the below file, to remove my serial number, etc.
<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0" xmlns:ms=" urn:MS-com:wmc-1-0">
  <specVersion>
    <major>1</major>
    <minor>0</minor>
  </specVersion>
  <device ms:X_MS_SupportsWMDRM="true">
    <deviceType>urn:schemas-upnp-org:device:MediaRenderer:1</deviceType>
    <manufacturer>MS Corporation</manufacturer>
    <manufacturerURL>http://www.MS.com/</manufacturerURL>
    <modelName>Xbox 360</modelName>
    <modelNumber></modelNumber>
    <modelDescription>Xbox 360</modelDescription>
    <modelURL>http://www.xbox.com/</modelURL>
    <friendlyName>Xbox 360</friendlyName>
    <serialNumber>REMOVEDINFORMATION</serialNumber>
    <UDN>uuid:REMOVEDINFORMATION</UDN>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
        <serviceId>urn:upnp-org:serviceId:RenderingControl</serviceId>
        <SCPDURL>/Content/RenderingControl</SCPDURL>
        <controlURL>/Control/RenderingControl</controlURL>
        <eventSubURL>/Event/RenderingControl</eventSubURL>
      </service>
      <service>
        <serviceType>urn:schemas-upnp-org:service:ConnectionManager:1</serviceType>
        <serviceId>urn:upnp-org:serviceId:ConnectionManager</serviceId>
        <SCPDURL>/Content/ConnectionManager</SCPDURL>
        <controlURL>/Control/ConnectionManager</controlURL>
        <eventSubURL>/Event/ConnectionManager</eventSubURL>
      </service>
    </serviceList>
  </device>
</root>
Don't know if any of this is any good. But I thought I'd pass it along. Take it lightly, I'm not a coder, just a geek. :)
Just like to say thanks to Xbox-Scene, Xbox-Linux, etc. Been a long time reader.
Cheers;
Slack3er
This post has been edited by Slack3er: Nov 24 2005, 04:45 PM
-
i think it's for the media center connection
-
what happens if you go to the directory: http://XBOX360IP:1026/Content/ConnectionManager (for example)?
(i don't have an xbox 360 here (yet) i live in the netherlands... the 360 comes out here on 2 december :( )
-
try using a program like intellitamper to scan the xbox directories in intellitamper type http://ipofxbox:1038/
This post has been edited by crystalgeek: Nov 24 2005, 07:09 PM
-
Thanks for everyones suggestions & replies. :)
crystalgeek:
I tried scanning my xbox with intellitamper. The only file it finds is called, _index_defaultpage.html. I tried different settings, like /Content/ConnectionManager or /event/. But that's all it finds, the file contains the same info as I posted above.
Tp21:
When I tried that (http://XBOX360IP:1026/Content/ConnectionManager) it finds a new file called, ConnectionManager.xml
I also tried different combinations, but no more luck. :(
/Content/ConnectionManager
/Control/ConnectionManager
/Event/ConnectionManager
/Content/
/Control/
/Event/
Thanks again;
Slack3er
================New file contains=====================
<?xml version="1.0" ?>
<scpd xmlns="urn:schemas-upnp-org:service-1-0">
  <specVersion>
    <major>1</major>
    <minor>0</minor>
  </specVersion>
  <actionList>
    <action>
      <name>GetCurrentConnectionIDs</name>
      <argumentList>
        <argument>
          <name>ConnectionIDs</name>
          <direction>out</direction>
          <relatedStateVariable>CurrentConnectionIDs</relatedStateVariable>
        </argument>
      </argumentList>
    </action>
    <action>
      <name>GetCurrentConnectionInfo</name>
      <argumentList>
        <argument>
          <name>ConnectionID</name>
          <direction>in</direction>
          <relatedStateVariable>A_ARG_TYPE_ConnectionID</relatedStateVariable>
        </argument>
        <argument>
          <name>RcsID</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_RcsID</relatedStateVariable>
        </argument>
        <argument>
          <name>AVTransportID</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_AVTransportID</relatedStateVariable>
        </argument>
        <argument>
          <name>ProtocolInfo</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_ProtocolInfo</relatedStateVariable>
        </argument>
        <argument>
          <name>PeerConnectionManager</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_ConnectionManager</relatedStateVariable>
        </argument>
        <argument>
          <name>PeerConnectionID</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_ConnectionID</relatedStateVariable>
        </argument>
        <argument>
          <name>Direction</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_Direction</relatedStateVariable>
        </argument>
        <argument>
          <name>Status</name>
          <direction>out</direction>
          <relatedStateVariable>A_ARG_TYPE_ConnectionStatus</relatedStateVariable>
        </argument>
      </argumentList>
    </action>
    <action>
      <name>GetProtocolInfo</name>
      <argumentList>
        <argument>
          <name>Source</name>
          <direction>out</direction>
          <relatedStateVariable>SourceProtocolInfo</relatedStateVariable>
        </argument>
        <argument>
          <name>Sink</name>
          <direction>out</direction>
          <relatedStateVariable>SinkProtocolInfo</relatedStateVariable>
        </argument>
      </argumentList>
    </action>
  </actionList>
  <serviceStateTable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_ProtocolInfo</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_ConnectionStatus</name>
      <dataType>string</dataType>
      <allowedValueList>
        <allowedValue>OK</allowedValue>
        <allowedValue>ContentFormatMismatch</allowedValue>
        <allowedValue>InsufficientBandwidth</allowedValue>
        <allowedValue>UnreliableChannel</allowedValue>
        <allowedValue>Unknown</allowedValue>
      </allowedValueList>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_AVTransportID</name>
      <dataType>i4</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_RcsID</name>
      <dataType>i4</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_ConnectionID</name>
      <dataType>i4</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_ConnectionManager</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="yes">
      <name>SourceProtocolInfo</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="yes">
      <name>SinkProtocolInfo</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_Direction</name>
      <dataType>string</dataType>
      <allowedValueList>
        <allowedValue>Input</allowedValue>
        <allowedValue>Output</allowedValue>
      </allowedValueList>
    </stateVariable>
    <stateVariable sendEvents="yes">
      <name>CurrentConnectionIDs</name>
      <dataType>string</dataType>
    </stateVariable>
  </serviceStateTable>
</scpd>
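Added example (not part of the original post, and not code from any poster in this thread): a Python sketch that inventories what a UPnP device advertises, using trimmed copies of the two documents posted above. It resolves each service's URLs and lists, per action, the arguments a caller supplies and their declared data types, which is the input-handling surface to review. The base URL 192.0.2.10 and all function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Constructed sample, trimmed from the device description posted in this thread.
# The line breaks inside element text are kept on purpose, as in the post.
DEVICE_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
 <device>
  <deviceType>urn:schemas-upnp-org:device:MediaRenderer:1</deviceType>
  <serviceList><service>
   <serviceType>urn:schemas-upnp-org:service:ConnectionManager:1
</serviceType>
   <SCPDURL>/Content/ConnectionManager</SCPDURL><controlURL>
/Control/ConnectionManager</controlURL><eventSubURL>
/Event/ConnectionManager</eventSubURL>
  </service></serviceList>
 </device>
</root>"""

# Constructed sample, trimmed from the ConnectionManager SCPD posted above.
SCPD_XML = """<?xml version="1.0"?>
<scpd xmlns="urn:schemas-upnp-org:service-1-0">
 <actionList>
  <action><name>GetCurrentConnectionIDs</name><argumentList>
   <argument><name>ConnectionIDs</name><direction>out</direction>
    <relatedStateVariable>CurrentConnectionIDs</relatedStateVariable></argument>
  </argumentList></action>
  <action><name>GetCurrentConnectionInfo</name><argumentList>
   <argument><name>ConnectionID</name><direction>in</direction>
    <relatedStateVariable>A_ARG_TYPE_ConnectionID</relatedStateVariable></argument>
   <argument><name>Status</name><direction>out</direction>
    <relatedStateVariable>A_ARG_TYPE_ConnectionStatus</relatedStateVariable></argument>
  </argumentList></action>
 </actionList>
 <serviceStateTable>
  <stateVariable sendEvents="no"><name>A_ARG_TYPE_ConnectionID</name><dataType>i4</dataType></stateVariable>
  <stateVariable sendEvents="no"><name>A_ARG_TYPE_ConnectionStatus</name><dataType>string</dataType></stateVariable>
  <stateVariable sendEvents="yes"><name>CurrentConnectionIDs</name><dataType>string</dataType></stateVariable>
 </serviceStateTable>
</scpd>"""


def parse_untrusted(xml_text):
    """Parse XML served by a LAN device; refuse DTDs so no entities expand."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in UPnP XML")
    return ET.fromstring(xml_text)


def text(elem, tag):
    """Stripped text of a direct child, matched in any (or no) namespace."""
    node = elem.find("{*}" + tag)
    return (node.text or "").strip() if node is not None else ""


def list_services(device_xml, base_url):
    """Every advertised service, with its three URLs resolved to absolute."""
    root = parse_untrusted(device_xml)
    return [{"type": text(s, "serviceType"),
             "scpd": urljoin(base_url, text(s, "SCPDURL")),
             "control": urljoin(base_url, text(s, "controlURL")),
             "event": urljoin(base_url, text(s, "eventSubURL"))}
            for s in root.iterfind(".//{*}service")]


def input_surface(scpd_xml):
    """Map each action to its caller-supplied ('in') arguments and data types."""
    root = parse_untrusted(scpd_xml)
    types = {text(v, "name"): text(v, "dataType")
             for v in root.iterfind(".//{*}stateVariable")}
    surface = {}
    for action in root.iterfind(".//{*}action"):
        surface[text(action, "name")] = [
            (text(a, "name"), types.get(text(a, "relatedStateVariable"), "unknown"))
            for a in action.iterfind(".//{*}argument")
            if text(a, "direction") == "in"]
    return surface


if __name__ == "__main__":
    for svc in list_services(DEVICE_XML, "http://192.0.2.10:1026/"):
        print(svc)
    print(input_surface(SCPD_XML))
```

The `{*}` wildcard needs Python 3.8 or later; it lets the same code read an SCPD whose `xmlns` was dropped when copied out of a browser view.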
-
The original Xbox had some support for this to automatically forward ports for LIVE, but that was outgoing. It would connect to your router and use the UPnP protocol for an Internet Gateway Device to open ports.
Check out the specs at http://www.upnp.org/
Unlike the old Xbox, the 360 appears to have support for being a device rather than just a client. Some of the names match up to the UPnP spec for MediaServer and MediaRenderer. (Such as MediaServer, MediaRenderer, ConnectionManager, and RenderingControl). I'm going to read the PDF and see what kind of features. This looks like a good point of attack for buffer overflows or even HD access (If the Xbox can serve the media).
http://www.upnp.org/...mediaserver.asp
As Tp21 guessed, this is likely to allow communications with Media Center. Amazingly enough, MS used a standard protocol on this one.
As a further experiment, try poking around using the name ContentDirectory. That was the only one of the components listed on the upnp mediaserver page not to be referenced in the index file.
-
Thanks Dameon for your reply.
I tried ContentDirectory, but couldn't find anything. But for some reason I missed RenderingControl. It returns a file called RenderingControl.xml
http://192.168.0.102:1026/Content/RenderingControl
If there's anything else you'd like me to try feel free. I'm all out of ideas, but will check out those links you recommended. If I find anything else, I'll post.
Regards;
===============File Contains==================
<scpd>
  <specVersion>
    <major>1</major>
    <minor>0</minor>
  </specVersion>
  <actionList>
    <action>
      <name>ListPresets</name>
      <argumentList>
        <argument>
          <name>InstanceID</name>
          <direction>in</direction>
          <relatedStateVariable>A_ARG_TYPE_InstanceID</relatedStateVariable>
        </argument>
        <argument>
          <name>CurrentPresetNameList</name>
          <direction>out</direction>
          <relatedStateVariable>PresetNameList</relatedStateVariable>
        </argument>
      </argumentList>
    </action>
    <action>
      <name>SelectPreset</name>
      <argumentList>
        <argument>
          <name>InstanceID</name>
          <direction>in</direction>
          <relatedStateVariable>A_ARG_TYPE_InstanceID</relatedStateVariable>
        </argument>
        <argument>
          <name>PresetName</name>
          <direction>in</direction>
          <relatedStateVariable>A_ARG_TYPE_PresetName</relatedStateVariable>
        </argument>
      </argumentList>
    </action>
  </actionList>
  <serviceStateTable>
    <stateVariable sendEvents="yes">
      <name>LastChange</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>PresetNameList</name>
      <dataType>string</dataType>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_PresetName</name>
      <dataType>string</dataType>
      <allowedValueList>
        <allowedValue>FactoryDefaults</allowedValue>
        <allowedValue>InstallationDefaults</allowedValue>
        <allowedValue>Vendor defined</allowedValue>
      </allowedValueList>
    </stateVariable>
    <stateVariable sendEvents="no">
      <name>A_ARG_TYPE_InstanceID</name>
      <dataType>ui4</dataType>
    </stateVariable>
  </serviceStateTable>
</scpd>
This post has been edited by Slack3er: Nov 25 2005, 01:55 AM
-
wow that means the xbox 360 should be able to traverse routers for local link play . . . M$ never ceases to amaze me whenever they actually go with a standard
-
and for the firewall, (all ports are filtered) they probably included one.
there's a hell lot more security in the 360 so why not
-
Standard TCP/IP stacks return RST to a SYN trying to connect to an unbound socket. This TCP/IP stack doesn't return anything to those queries. Not a firewall per se, just a truncated TCP/IP stack.
--Blerik
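Added example (not part of the original posts): the open / closed / filtered distinction discussed above, as a single TCP connect attempt in Python. A completed handshake is "open", an RST (connection refused) is "closed", and no answer at all is "filtered"; `interpret` then shows why a scan with no "closed" ports cannot by itself tell a firewall from a stack that never sends RST. The function names and the port numbers in `THREAD_SCAN` other than 1026 are constructed for the example.

```python
import socket


def classify_tcp_port(host, port, timeout=1.0):
    """One connect attempt: 'open' (handshake), 'closed' (RST), 'filtered' (silence)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            # The remote stack answered the SYN with RST: nothing is bound there.
            return "closed"
        except OSError:
            # Timeout or ICMP unreachable: the probe was dropped somewhere.
            return "filtered"


def interpret(results):
    """Summarise how a host treats probes to ports with no listener."""
    states = set(results.values())
    if "closed" in states:
        return "rst-on-closed"   # ordinary stack behaviour
    if "filtered" in states:
        return "silent-drop"     # firewall OR a stack that never sends RST
    return "inconclusive"        # only open ports were probed


def loopback_demo():
    """Show 'open' then 'closed' on this machine, with no external traffic."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_listening, after_close


# Constructed sample shaped like the result reported in this thread:
# 1026 open, everything else unanswered.
THREAD_SCAN = {21: "filtered", 80: "filtered", 139: "filtered", 1026: "open"}

if __name__ == "__main__":
    print(loopback_demo())
    print(interpret(THREAD_SCAN))
```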
-
ah ok
but, can we exploit the 360 using this?
(if not, can we build an "media center replacer"?
-
Cool, learn something new everyday. :)
Thanks for the input.
Regards;
Slack3er
-
Hey,
Yeah, it's a uPnP port. Basically what they use to connect to Windows Media Connect or whatever it's called. Basically it tells all uPnP devices that the Xbox 360 can play "media".
Exploitable? Probably yes. I've worked w/ Windows Media Connect before and there are a lot of bugs inside of it. So let's hope that MS screwed something up this time.
BlueCELL
-
i tried this same thing with mine and it didnt do anything(server timed out) is there possibly something i have to turn on first? im running windows xp and im linked to the box through a linksys network hub, no firewalls? id really like to figure out what this port is for thanx
Jay-Rod
-
Doesn't work for me either. In fact, I can't even ping my Xbox (even though I can connect to my PC and stream media just fine).
-
That's strange, I can connect fine using both Windows XP or Linux. The only thing, that I did with my 360 was get all the xbox live updates & it always autosigns in. I didn't setup media connect or center. There's nothing that I can think that I'm doing differently. I'm using firefox, just type http://ipaddressof360:1026 into the address bar. It should bring back this:
This XML file does not appear to have any style information associated with it. The document tree is shown below. ......etc
BTW, I also can't ping my xbox. For a test, try doing a port scan on the 360. What ports do you see open?
PS: I'm using the premium system, do you have the core? Maybe the file is being served from the harddrive.
Cheers;
This post has been edited by Slack3er: Nov 27 2005, 04:11 AM
-
Summary of the thread so far:
The 360 has a very locked down IP networking system by default. It silently rejects all IP (TCP, UDP, and ICMP) traffic other than TCP on port 1026.
Investigation of TCP 1026 discovered a basic HTTP service running on that port. It is a UPnP service description, showing the 360 as a UPnP Media Renderer. This is undoubtedly for the 360's functionality as a Media Center Extender.
-
Pinging/Connecting works fine on my side here so Slack3r isn't alone :) nmap scan also shows up the same, good work I didn't even think of trying a port scan on this little puppy!
Let me know if I can help in anyway testing stuff out etc... Thanks!
-
Could someone here get some packet dumps between MCE and Xbox?
-
http://www.4shared.com/file/528528/869007c...ox360toWMC.html <- The download button is at the bottom.
Here's a packet dump of WMC to Xbox 360. I used ethereal, just open the file with it. I don't have media center, so I used media connect instead. What I did was left ethereal sniffing, start xbox & mc, mc found the 360. I shared some folders. Then just viewed them onto my 360.
Just a thought, the first file that I posted above. Looks like it's for identifying the 360 to media connect. You were right that port 1026 is used for MC, if you look at the dump. 192.168.0.101 is my computer running XP + MC & 102 is the 360.
Cheers;
Slack3er
-
i just check this with firefox but i cannot connect with IE
http://adressxbox360...enderingControl
http://adressxbox360...nnectionManager
-
After thinking about it, I removed the above link. The file contains identifying data, so if you did download it, I hope you respect my request not to repost the file. Please keep it for studying, nothing more.
This post has been edited by Slack3er: Nov 28 2005, 04:29 PM
-
Slack3er: You said you are just using Media Connect on your machine correct? You wouldnt happen to have a copy of Windows XP MCE to test it out to see if you get similar results would you? I have my friends MCE installing right now on a Virtual Machine, but I am a total noob when it comes to using anything other than nmap to do a simple port scan.
If you could walk me though using Ethereal to get a dump from connecting a Media Center PC I wouldn't mind helping the cause let me explain my setup here.
I have 2 Boxes up and running right now 1 Running Windows XP SP2 with XP Media Center Edition running in a Virtual Machine and on the second box I have Ubuntu loaded with nmap and Ethereal (I am a total noob with Ethereal but Im a quick learn) I can be contacted via any Major IM Services, but im on Hawaii Standard Time so my hours might seem a bit odd, Im off on friday though drop me a PM.
-
Yes only connect, I can only view images. I would like to have Windows XP MCE, but don't.
No problem, I don't mind helping. Can we just use email, this board or pm's. I really don't like IM, with work or some answers may require me to search around abit. With the other ways, I can take my time & give you better answers.
To start, I'm going to post some general tips, if anyone else is interested.
Using Ethereal to acquire TCP/IP Traffic between a computer and Xbox 360:
I have never setup Windows XP MCE before, so your going to have to read that yourself: Here's a link to help you get started.
http://www.xbox.com/...-media-mcpc.htm
One thing you should know, that dump will contain your 360 Serial Number, MAC address, etc. If you post it online, it's there for anyone to view, yes even MS. Could they use that info to ban you from xbox live, maybe, I don't really know. But warning you, it's a chance you must understand. Also running a sniffer like ethereal on your network, if passwords or other personal data is sent across your network, it could be picked up & then if you post it online, bad things could happen.
Also I have used VM software like VMWare before, but I'm no expert with it. As long as you can get MCE working with your xbox you'll get a dump.
Ethereal is cross-platform, so it works on Linux/BSD/Windows. I would install ethereal onto the VM that is running MCE. I don't think ethereal will see the traffic, if you run it from your second box. Also I would temporarily disable UPNP on your router, it will make your results in ethereal easier to read. Turn it back on when you're done, if you wish.
First step would be make sure MCE & the 360 are correctly working. Try viewing images, just to make sure it works. Then turn off your xbox, just to make sure you kill the connection.
Start ethereal on the VM, go to Capture & options. Change interface, to your Nic card. Check the option to update packets in real time. Then hit start. Now leave it.
Now turn on your xbox, connect it to MCE. View some images/video. That will make some traffic, if you look at ethereal you'll see its collecting packets.
Turn off your xbox. Hit stop on ethereal & save the dump.
As for analyzing the dump, the top window contains the packets, in the order they were recorded. The bottom window is what the packet contains.
And that's about it, try it & see what happens. If you run into problems, I'll be around.
Regards;
Slack3er
-
well at first i didn't succeed when scanning for open ports, but i found out it was because i had the ping check enabled so it wouldn't work. also the first time i scanned, ports 25 110 and 1026 were open then i loaded a game went back to the dashboard and now it was the same only instead of 1026 it was now 1028. i also got on live to scan again and i got 25 110 1002 1032 (which used to be 1026/1028) and 1720. no luck with any of them though
-
Who whoa wait. Are you sure it's your Xbox? 25 is SMTP and 110 is POP3. Xbox 360 is a mail server?
-
QUOTE(SilentWatcher @ Dec 2 2005, 02:38 AM)
Who whoa wait. Are you sure it's your Xbox? 25 is SMTP and 110 is POP3. Xbox 360 is a mail server?
Assuming it wasn't an error on the behalf of the person doing the scanning, I wouldn't put it by MS to run services on non-standard ports in order to further obscure the exact service running on them. I used to run a terminal server on port 110, because 110 outbound wasn't blocked by the firewall at work. I could then browse the web or do anything I wanted using my home box as a proxy. Point is, anybody with half a brain can configure a service to run on a different port; standard does not mean "etched in stone."
...but I'd be quicker to assume that it was an error on Mr(s?) Xbox's behalf.
-
QUOTE
Who whoa wait. Are you sure it's your Xbox? 25 is SMTP and 110 is POP3. Xbox 360 is a mail server?
This may be a stupid idea...but the 360 can send and receive messages back and forth right? so... although xbox live uses a port to play games and download and such...maybe it could use these ports to send the messages back and forth.....just an idea...
-
i agree it did strike me as strange when those two ports showed up but they did, i guess since it is only me having these results, i will get a diff port scanner and check it out tomorrow when i get home.
Jay-Rod
-
Hrm, I cant seem to update to rollup 2 for MCE with my 60 day trial key... what gives? Guess they don't want me to trial it... Plus its complaining about the Video card of the emulated machine... Anyone using MCE with Virtual PC 2005?
-
Well were getting somewhere, but thats just for the media connection I think.
-
do a Ianas guide to check it .. what credentials in nmap are u using? i might try it out in a sec. i mainly want to do the O option to find if it can see any os and also sS to see if the silent option comes into play at all with it. i might also use a nessus scan
someone has talked about the xbox360 not being able to ping ....well it might have ping off..on some PCs u can do shit 2 turn off so it will act in stealth mode.
-
Just to mention as well I have been doing port scans and have come up with some funny ports too... like 21, you know I had to laugh to myself getting this one (for those who dont know port 21 is FTP) I knew right off the bat there wasnt a ftp server running but being as thats how all us modders get back and forth in our xbox 1... but anyways I also got the port 110 mailserver port open and thought to myself hmmm... you know maybe it is the live thing and noticed it was already mentioned earlier but then it really did occur to me.... Just my own opinion but I think its going to take the modchip guys a long time to get around all this hardware security so the only way were gonna get into this thing is via network and for the most obvious reasons MS SUCKS AT NETWORK SECURITY! Lets face it even if they do hide these services on different ports thats going to be a hell of alot easier to exploit than hardware so whats next? We need to really focus on probing these ports for as much info as we can and really try to take the path of exploiting with MCE exploits. That makes the most sense to me... I know someone else had already mentioned that earlier but I am going to attempt the next couple of days to buffer overflow this thing... If I can do it the only thing Ill need help with is working on a file to upload to create a true FTP server. Now heres one other question for ya.. If someone is able to overflow and start a ftp server... what port? If this machine is almost randomly snagging ports than how do you even know if you reach that point what port to connect with?
Sorry for the long post Im just dumping my brain out to see if someone might take this somewhere.
zer0
-
QUOTE(zerosignal0 @ Dec 7 2005, 02:48 PM)
Just to mention as well I have been doing port scans and have come up with some funny ports too... like 21, you know I had to laugh to myself getting this one (for those who dont know port 21 is FTP) I knew right off the bat there wasnt a ftp server running but being as thats how all us modders get back and forth in our xbox 1... but anyways I also got the port 110 mailserver port open and thought to myself hmmm... you know maybe it is the live thing and noticed it was already mentioned earlier but then it really did occur to me.... Just my own opinion but I think its going to take the modchip guys a long time to get around all this hardware security so the only way were gonna get into this thing is via network and for the most obvious reasons MS SUCKS AT NETWORK SECURITY! Lets face it even if they do hide these services on different ports thats going to be a hell of alot easier to exploit than hardware so whats next? We need to really focus on probing these ports for as much info as we can and really try to take the path of exploiting with MCE exploits. That makes the most sense to me... I know someone else had already mentioned that earlier but I am going to attempt the next couple of days to buffer overflow this thing... If I can do it the only thing Ill need help with is working on a file to upload to create a true FTP server. Now heres one other question for ya.. If someone is able to overflow and start a ftp server... what port? If this machine is almost randomly snagging ports than how do you even know if you reach that point what port to connect with?
Sorry for the long post Im just dumping my brain out to see if someone might take this somewhere.
wouldnt it be funny if the 360 Os is a linux based
correct me if i am wrong
exploiting the MCE on the network, isn't the media extender only a streaming video, pictures, etc... not for executable info, even on a core level... using this as an exploit doesn't seem feasible as the internal os has security in place not allowing it to run executable code, maybe somehow attacking the image viewer app and passing it a fake .jpg which contains the code for an exploit it seems this is an open door for MS wants you to attack...
sorry flame blast me do as you will im probably just wasting your time
-
the ftp could be for the xbmc i guess,,, the 110 is for POP3 (aka mail) seems like that may be used for xbox live like said earlier^ .... maybe it has to do with the xbox live gamertag mailbox with voice messages and test messages.???????
-
Yes it seems those ports are "open" solely for live services, the live messaging and chatting with friends, etc. Because you cannot connect with those ports as it is looking for authentication.
CODE
[Connect 16:28:44] Remote Port: 25 Local Port: 2674
Local Socket: 484 Standard Service: Simple Mail Transfer :: [Incoming Data 16:29:06]
Remote Port: 25 Local Port: 2674
421 Cannot connect to SMTP server, connect error 10060
[Session Closed 16:29:06] Remote Port: 25 Local Port: 2674
[Connect 16:29:30] Remote Port: 110 Local Port: 2762
Local Socket: 508 Standard Service: Post Office protocol - Version 3 ::
[Connect 16:29:35] Remote Port: 119 Local Port: 2772
Local Socket: 492 Standard Service: Network News Transfer Protocol ::
[Connect 16:29:50] Remote Port: 143 Local Port: 2797
Local Socket: 456 Standard Service: Internet Message Access Protocol/Interactive Mail Access Protocol
v2
[Incoming Data 16:29:51]Remote Port: 110 Local Port: 2762
-ERR Cannot connect to POP server, connect error 10060
[Session Closed 16:29:51] Remote Port: 110 Local Port: 2762
[Incoming Data 16:29:56]Remote Port: 119 Local Port: 2772
502 Cannot connect to NNTP server, connect error 10060
[Session Closed 16:29:56] Remote Port: 119 Local Port: 2772
[Incoming Data 16:30:11] Remote Port: 143 Local Port: 2797
* BYE [ALERT] Cannot connect to IMAP server, connect error 10060
[Session Closed 16:30:11] Remote Port: 143 Local Port: 2797
This post has been edited by mrRobinson: Dec 13 2005, 10:10 PM
-
MS NLB heartbeat
These broadcasts from the 360 show up when on live or testing the live or media connections.
It seems to be a msft network load balancer heartbeat. They have adjusted it to about every 2 seconds.
Check this site for info http://www.MS.com/te...ing/nlbfaq.mspx
you'll have to change the ms.com to the full msft name.
So this is what they are using to keep you on various live servers as efficiently as possible.
I would think their live servers are clusters of win2k3 and the 360 itself could be running an embedded 2k3 server OS of some sort.
-
QUOTE(reagor @ Dec 11 2005, 03:35 AM)
wouldnt it be funny if the 360 Os is a linux based
correct me if i am wrong
exploiting the MCE on the network, isn't the media extender only a streaming video, pictures, etc... not for executable info, even on a core level... using this as an exploit doesn't seem feasible as the internal os has security in place not allowing it to run executable code, maybe somehow attacking the image viewer app and passing it a fake .jpg which contains the code for an exploit it seems this is an open door for MS wants you to attack...
sorry flame blast me do as you will im probably just wasting your time
nope. built off a beta version of vista -- Code name Longhorn --. I think. of course I mean built off the kernel because we all know it runs off the same kernel as Xbox1-- execute one app at a time. It has multiple operating systems that are supervised by the hypervisor.
-
Does the 360 use UPNP to map inbound ports for xbox live? I know my router's "firewall" page shows when ports have been reserved via UPNP, and what their name is. I don't have a 360 to test this though.
-
No seems to only use upnp for the wmc and mc capabilities.
-
Hello,
I don't know if this is the right place but a few posts ago there was a discussion about a hack over the network.
I don't know the WMC and I don't have a XboX360 (yet). But if the dashboard has not been written from scratch (very unlikely IMHO) and xbox360 can show WMF (windows meta file) format pictures, then there exists a hole in all windows OS'es which leads to execution of arbitrary code. I think maybe it is possible to inject some code into a WMF file and try to execute it.
Just a thought. But of course you guys know better
-
Try it if you want. Although, I've heard Data Execution Prevention guards against the exploit on XP. So even if the exploitable software did exist, the hypervisor or whatever would most likely stop it. Still, you can try. I'd use a linux server to test it though.
-
http://xboxip:1026/xbox360.png