xboxscene.org forums

Pages: 1 2 [3]

Author Topic: Port Scanning  (Read 1014 times)

ShadowElitePro

  • Archived User
  • Sr. Member
  • *
  • Posts: 341
Port Scanning
« Reply #30 on: December 02, 2005, 06:46:00 PM »

Well, we're getting somewhere, but that's just for the media connection, I think.
Logged

xblinkxkidx

  • Archived User
  • Newbie
  • *
  • Posts: 7
Port Scanning
« Reply #31 on: December 04, 2005, 06:29:00 AM »

Do IANA's guide to check it... What credentials in nmap are you using? I might try it out in a sec. I mainly want to do the O option to find if it can see any OS, and also sS to see if the silent option comes into play at all with it. I might also use a Nessus scan.

Someone has talked about the Xbox 360 not being able to ping... well, it might have ping off. On some PCs you can do shit to turn it off so it will act in stealth mode.
Logged

zerosignal0

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
Port Scanning
« Reply #32 on: December 07, 2005, 12:41:00 PM »

Just to mention as well, I have been doing port scans and have come up with some funny ports too... like 21, you know I had to laugh to myself getting this one (for those who don't know, port 21 is FTP). I knew right off the bat there wasn't an FTP server running, but being as that's how all us modders get back and forth in our Xbox 1... but anyways, I also got the port 110 mailserver port open and thought to myself hmmm... you know, maybe it is the Live thing, and noticed it was already mentioned earlier, but then it really did occur to me.... Just my own opinion, but I think it's going to take the modchip guys a long time to get around all this hardware security, so the only way we're gonna get into this thing is via network, and for the most obvious reasons: MS SUCKS AT NETWORK SECURITY! Let's face it, even if they do hide these services on different ports, that's going to be a hell of a lot easier to exploit than hardware, so what's next? We need to really focus on probing these ports for as much info as we can and really try to take the path of exploiting with MCE exploits. That makes the most sense to me... I know someone else had already mentioned that earlier, but I am going to attempt the next couple of days to buffer overflow this thing... If I can do it, the only thing I'll need help with is working on a file to upload to create a true FTP server. Now here's one other question for ya.. If someone is able to overflow and start an FTP server... what port? If this machine is almost randomly snagging ports, then how do you even know, if you reach that point, what port to connect with?

Sorry for the long post, I'm just dumping my brain out to see if someone might take this somewhere.

zer0
Logged

reagor

  • Archived User
  • Newbie
  • *
  • Posts: 2
Port Scanning
« Reply #33 on: December 10, 2005, 06:28:00 PM »

QUOTE(zerosignal0 @ Dec 7 2005, 02:48 PM)

Just to mention as well, I have been doing port scans and have come up with some funny ports too... like 21, you know I had to laugh to myself getting this one (for those who don't know, port 21 is FTP). I knew right off the bat there wasn't an FTP server running, but being as that's how all us modders get back and forth in our Xbox 1... but anyways, I also got the port 110 mailserver port open and thought to myself hmmm... you know, maybe it is the Live thing, and noticed it was already mentioned earlier, but then it really did occur to me.... Just my own opinion, but I think it's going to take the modchip guys a long time to get around all this hardware security, so the only way we're gonna get into this thing is via network, and for the most obvious reasons: MS SUCKS AT NETWORK SECURITY! Let's face it, even if they do hide these services on different ports, that's going to be a hell of a lot easier to exploit than hardware, so what's next? We need to really focus on probing these ports for as much info as we can and really try to take the path of exploiting with MCE exploits. That makes the most sense to me... I know someone else had already mentioned that earlier, but I am going to attempt the next couple of days to buffer overflow this thing... If I can do it, the only thing I'll need help with is working on a file to upload to create a true FTP server. Now here's one other question for ya.. If someone is able to overflow and start an FTP server... what port? If this machine is almost randomly snagging ports, then how do you even know, if you reach that point, what port to connect with?

Sorry for the long post, I'm just dumping my brain out to see if someone might take this somewhere.

Wouldn't it be funny if the 360 OS is Linux-based?

Correct me if I am wrong.

Exploiting the MCE on the network: isn't the media extender only streaming video, pictures, etc... not for executable info, even on a core level... Using this as an exploit doesn't seem feasible, as the internal OS has security in place not allowing it to run executable code. Maybe somehow attacking the image viewer app and passing it a fake .jpg which contains the code for an exploit... it seems this is an open door for MS wants you to attack...

Sorry, flame blast me, do as you will, I'm probably just wasting your time.

Logged

xblinkxkidx

  • Archived User
  • Newbie
  • *
  • Posts: 7
Port Scanning
« Reply #34 on: December 11, 2005, 07:17:00 AM »

The FTP could be for the XBMC, I guess... The 110 is for POP3 (aka mail); seems like that may be used for Xbox Live like said earlier ^ ... Maybe it has to do with the Xbox Live gamertag mailbox with voice messages and test messages???
Logged

mrRobinson

  • Archived User
  • Hero Member
  • *
  • Posts: 1321
Port Scanning
« Reply #35 on: December 13, 2005, 02:09:00 PM »

Yes it seems those ports are "open" solely for live services, the live messaging and chatting with friends, etc.  Because you cannot connect with those ports as it is looking for authentication.

CODE

[Connect 16:28:44]  Remote Port: 25 Local Port: 2674
 Local Socket: 484  Standard Service: Simple Mail Transfer :: [Incoming Data 16:29:06]

Remote Port: 25 Local Port: 2674
421  Cannot connect to SMTP server, connect error 10060

[Session Closed 16:29:06] Remote Port: 25 Local Port: 2674


[Connect 16:29:30] Remote Port: 110 Local Port: 2762
 Local Socket: 508  Standard Service: Post Office protocol - Version 3 ::

[Connect 16:29:35]  Remote Port: 119 Local Port: 2772
 Local Socket: 492  Standard Service: Network News Transfer Protocol ::

[Connect 16:29:50] Remote Port: 143 Local Port: 2797
 Local Socket: 456  Standard Service: Internet Message Access Protocol/Interactive Mail Access Protocol
v2

[Incoming Data 16:29:51]Remote Port: 110 Local Port: 2762
-ERR  Cannot connect to POP server, connect error 10060

[Session Closed 16:29:51]  Remote Port: 110 Local Port: 2762


[Incoming Data 16:29:56]Remote Port: 119 Local Port: 2772
502  Cannot connect to NNTP server, connect error 10060


[Session Closed 16:29:56] Remote Port: 119 Local Port: 2772


[Incoming Data 16:30:11] Remote Port: 143 Local Port: 2797
* BYE [ALERT]  Cannot connect to IMAP server, connect error 10060


[Session Closed 16:30:11] Remote Port: 143 Local Port: 2797


This post has been edited by mrRobinson: Dec 13 2005, 10:10 PM
Logged
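
Added example, not part of mrRobinson's post: a small parser for the connection-log layout shown above that groups events by remote/local port pair, extracts each first reply with its Winsock error code (10060 is WSAETIMEDOUT, connection timed out), and measures how long after the connect the reply arrived. The sample is constructed from two of the sessions in the log; the function names are this example's own.

```python
import re

EVENT = re.compile(r"\[(Connect|Incoming Data|Session Closed) (\d{2}:\d{2}:\d{2})\]")
PORTS = re.compile(r"Remote Port: (\d+) Local Port: (\d+)")
WINSOCK = {10060: "WSAETIMEDOUT (connection timed out)"}

# Constructed sample: two sessions in the layout of the log above.
SAMPLE_LOG = """\
[Connect 16:28:44]  Remote Port: 25 Local Port: 2674
 Local Socket: 484  Standard Service: Simple Mail Transfer :: [Incoming Data 16:29:06]

Remote Port: 25 Local Port: 2674
421  Cannot connect to SMTP server, connect error 10060

[Session Closed 16:29:06] Remote Port: 25 Local Port: 2674

[Connect 16:29:30] Remote Port: 110 Local Port: 2762
 Local Socket: 508  Standard Service: Post Office protocol - Version 3 ::

[Incoming Data 16:29:51]Remote Port: 110 Local Port: 2762
-ERR  Cannot connect to POP server, connect error 10060

[Session Closed 16:29:51]  Remote Port: 110 Local Port: 2762
"""

def parse_sessions(log):
    """Group log events by (remote port, local port) and keep the first reply."""
    sessions, event, awaiting = {}, None, None
    for raw in log.splitlines():
        text = " ".join(raw.split())          # collapse the log's uneven spacing
        tag, ports = EVENT.search(text), PORTS.search(text)
        if tag:                               # a tag may sit on the line before its ports
            event = tag.groups()
        if ports and event:
            key = (int(ports.group(1)), int(ports.group(2)))
            s = sessions.setdefault(key, {})
            kind, when = event
            s[{"Connect": "opened", "Incoming Data": "replied",
               "Session Closed": "closed"}[kind]] = when
            awaiting = key if kind == "Incoming Data" else None
        elif text and awaiting and not tag:   # payload line following "Incoming Data"
            err = re.search(r"connect error (\d+)", text)
            sessions[awaiting].update(reply=text, winsock=int(err.group(1)) if err else None)
            awaiting = None
    return sessions

def reply_delay(session):
    """Seconds between the TCP connect and the first data received."""
    secs = lambda t: sum(int(x) * m for x, m in zip(t.split(":"), (3600, 60, 1)))
    return secs(session["replied"]) - secs(session["opened"])

if __name__ == "__main__":
    for (remote, _), s in parse_sessions(SAMPLE_LOG).items():
        print(remote, s["reply"], WINSOCK.get(s["winsock"]), f"{reply_delay(s)}s")
```
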

mrRobinson

  • Archived User
  • Hero Member
  • *
  • Posts: 1321
Port Scanning
« Reply #36 on: December 13, 2005, 02:29:00 PM »

MS NLB heartbeat
These broadcasts from the 360 show up when on Live or testing the Live or media connections.
It seems to be a MSFT network load balancer heartbeat. They have adjusted it to about every 2 seconds.

Check this site for info http://www.MS.com/te...ing/nlbfaq.mspx

You'll have to change the ms.com to the full MSFT name.

So this is what they are using to keep you on various live servers as efficiently as possible.

I would think their live servers are clusters of win2k3 and the 360 itself could be running an embedded 2k3 server OS of some sort.
Logged

modthebox.tk

  • Archived User
  • Full Member
  • *
  • Posts: 122
Port Scanning
« Reply #37 on: December 15, 2005, 08:22:00 AM »

QUOTE(reagor @ Dec 11 2005, 03:35 AM)

Wouldn't it be funny if the 360 OS is Linux-based?

Correct me if I am wrong.

Exploiting the MCE on the network: isn't the media extender only streaming video, pictures, etc... not for executable info, even on a core level... Using this as an exploit doesn't seem feasible, as the internal OS has security in place not allowing it to run executable code. Maybe somehow attacking the image viewer app and passing it a fake .jpg which contains the code for an exploit... it seems this is an open door for MS wants you to attack...

Sorry, flame blast me, do as you will, I'm probably just wasting your time.


Nope. Built off a beta version of Vista -- code name Longhorn -- I think. Of course I mean built off the kernel, because we all know it runs off the same kernel as Xbox1 -- execute one app at a time. It has multiple operating systems that are supervised by the hypervisor.
Logged

ssj4android

  • Archived User
  • Full Member
  • *
  • Posts: 185
Port Scanning
« Reply #38 on: December 21, 2005, 04:25:00 PM »

Does the 360 use UPNP to map inbound ports for xbox live? I know my router's "firewall" page shows when ports have been reserved via UPNP, and what their name is. I don't have a 360 to test this though.
Logged

mrRobinson

  • Archived User
  • Hero Member
  • *
  • Posts: 1321
Port Scanning
« Reply #39 on: December 22, 2005, 08:13:00 AM »

No, seems to only use UPnP for the WMC and MC capabilities.
Logged

sami9999

  • Archived User
  • Newbie
  • *
  • Posts: 1
Port Scanning
« Reply #40 on: January 02, 2006, 11:46:00 AM »

Hello,

I don't know if this is the right place, but a few posts ago there was a discussion about a hack over the network.
I don't know the WMC and I don't have an Xbox 360 (yet). But if the dashboard has not been written from scratch (very unlikely IMHO) and the Xbox 360 can show WMF (Windows Metafile) format pictures, then there exists a hole in all Windows OSes which leads to execution of arbitrary code. I think maybe it is possible to inject some code into a WMF file and try to execute it.

Just a thought. But of course you guys know better.
Logged

ssj4android

  • Archived User
  • Full Member
  • *
  • Posts: 185
Port Scanning
« Reply #41 on: January 03, 2006, 05:23:00 PM »

Try it if you want. Although, I've heard Data Execution Prevention guards against the exploit on XP. So even if the exploitable software did exist, the hypervisor or whatever would most likely stop it. Still, you can try. I'd use a Linux server to test it though.
Logged

ben1989

  • Archived User
  • Full Member
  • *
  • Posts: 115
Port Scanning
« Reply #42 on: November 02, 2006, 12:47:00 PM »

Logged