Acidmods

Members Area => News => Xbox News => Topic started by: Rodent on March 31, 2017, 12:45:13 PM

Title: XBOX ONE HACK: XBOX ONE EXPLOIT PROOF OF CONCEPT RELEASED
Post by: Rodent on March 31, 2017, 12:45:13 PM
(https://i.gyazo.com/41f42850f370da5c9ae553d77750655a.png)


Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages a series of known vulnerabilities in the Microsoft Edge Browser (CVE-2016-7200 and CVE-2016-7241).

The Xbox One uses Microsoft’s Edge browser. Pretty much the same browser that you used once on Windows 10, to download google Chrome.

In November last year, several critical vulnerabilities were found in the Edge browser, and disclosed by Microsoft as they patched them. A proof of concept was released for these vulnerabilities by developer Brian Pak, demonstrating how to use them in an exploit.

This is known as the Chakra exploit

Hacker unknownv2 has built his Xbox One exploit on top of Brian Pak’s proof of concept. In the developer’s words:
 
Quote
The POC itself was mostly complete, but the first bug (CVE-2016-7200) it used was patched on the console. I used Json.Parse bug (CVE-2016-7241) to leak addresses instead and after a bit of tweaking with the values, I was able to get the correct address for the chakra.dll. From there, I modified the POC by changing the code addresses for the gadgets and the VirtualProtect function call to make the shellcode executable.

(https://acidmods.com/forum/proxy.php?request=http%3A%2F%2Fcdn-6.wololo.net%2Fwagic%2Fwp-content%2Fuploads%2F2017%2F03%2Fxbox_chakra_exploit.jpg&hash=1c89ceb1d45b6f228e39d2bfa2f5595cd866a40e)


This is a userland exploit, similar to webkit exploits that many of us are familiar with. From unknownv2:

Quote
Currently the Xbox One has a sandboxed AppContainer protection just like Windows 10. Therefore, the Edge app and its code has restricted access to the file’s resources and further work is needed to escalate the process’s privileges. This could be in the form of a kernel exploit.

The sandbox is similar to the PS4 in the sense that it is limited in what you can do, but its the same thing as getting RCE on Edge on Windows 10 essentially.

Unknownv2’s exploit works on XBox One’s firmware 10.0.14393.2152 (released in December last year), according to the developer. Note that a new firmware update for Xbox One was released earlier this week, it is not clear of that firmware patches the vulnerabilities involved here.


Check out link below for more info and download information


Source: http://wololo.net/2017/03/31/xbox-one-hack-xbox-one-exploit-proof-concept-released-based-chakra-exploit-unconfirmed/
Title: Re: XBOX ONE HACK: XBOX ONE EXPLOIT PROOF OF CONCEPT RELEASED
Post by: Anonamous on April 01, 2017, 07:20:59 PM

The Xbox One uses Microsoft’s Edge browser. Pretty much the same browser that you used once on Windows 10, to download google Chrome.


Nothing, in the entire history of the internet, has ever been more true.
Title: Re: XBOX ONE HACK: XBOX ONE EXPLOIT PROOF OF CONCEPT RELEASED
Post by: Rodent on April 02, 2017, 07:38:47 AM
more information listed here
https://www.endgame.com/blog/chakra-exploit-and-limitations-modern-mitigation-techniques
Title: Re: XBOX ONE HACK: XBOX ONE EXPLOIT PROOF OF CONCEPT RELEASED
Post by: Rodent on April 03, 2017, 03:49:42 PM
latest update from Team Xecuter
http://team-xecuter.com/nandone-v0-03-for-xbox-one-released/
SimplePortal 2.3.5 © 2008-2012, SimplePortal