• $0.00
    Your cart is currently empty.

Xbox One hack: Xbox One Exploit Proof of Concept released, based on Chakra exploit

Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages a series of known vulnerabilities in the Microsoft Edge Browser (CVE-2016-7200 and CVE-2016-7241).

This is an exploit of the ridiculously rebranded Interenet explorer browser dubbed Microsoft Edge.

In November last year, several critical vulnerabilities were found in the Edge browser, and disclosed by Microsoft as they patched them. A proof of concept was released for these vulnerabilities by developer Brian Pak, demonstrating how to use them in an exploit. This is known as the Chakra exploit, and a good read on the topic can be found here.

Hacker unknownv2 has built his Xbox One exploit on top of Brian Pak’s proof of concept. In the developer’s words:

The POC itself was mostly complete, but the first bug (CVE-2016-7200) it used was patched on the console. I used Json.Parse bug (CVE-2016-7241) to leak addresses instead and after a bit of tweaking with the values, I was able to get the correct address for the chakra.dll. From there, I modified the POC by changing the code addresses for the gadgets and the VirtualProtect function call to make the shellcode executable.

Currently the Xbox One has a sandboxed AppContainer protection just like Windows 10. Therefore, the Edge app and its code has restricted access to the file’s resources and further work is needed to escalate the process’s privileges. This could be in the form of a kernel exploit.

The sandbox is similar to the PS4 in the sense that it is limited in what you can do, but its the same thing as getting RCE on Edge on Windows 10 essentially.

 

Unknownv2’s exploit works on XBox One’s firmware 10.0.14393.2152 (released in December last year), according to the developer. Note that a new firmware update for Xbox One was released earlier this week, it is not clear of that firmware patches the vulnerabilities involved here.

Download Chakra exploit for XBox

You can get the necessary files from the developer’s github here.

 

 

Similar posts

33 Pings/Trackbacks

  1. copy trading binary options on June 29, 2017 at 4:08 am
  2. seedboxes on July 21, 2017 at 3:38 am
  3. ppdb jatim net on July 21, 2017 at 2:02 pm
  4. DMPK on October 6, 2017 at 5:49 am
  5. Sexo on October 9, 2017 at 7:53 am
  6. agen judi bola on October 23, 2017 at 11:28 pm
  7. poker online on October 25, 2017 at 7:07 am
  8. noithatxaydung.online on November 6, 2017 at 12:19 am
  9. Corporate Event Management Company Hyderabad on November 10, 2017 at 8:16 am
  10. Wedding Organizers in Hyderabad on November 19, 2017 at 5:55 am
  11. go to my blog on November 27, 2017 at 7:41 am
  12. satta matka on December 1, 2017 at 1:21 am
  13. http://coehuman.uodiyala.edu.iq/ on December 5, 2017 at 10:05 am
  14. Aws allkhazraji for SEO on December 27, 2017 at 5:18 pm
  15. contract research organization gvk biosciences on January 3, 2018 at 7:17 am
  16. pharmacokinetics studies on January 3, 2018 at 12:48 pm
  17. Best Engineer lawAws Alkhazraji on January 8, 2018 at 1:26 pm
  18. syarat pendaftaran cpns 2019 on January 9, 2018 at 7:00 am
  19. FTE for medicinal chemistry on January 11, 2018 at 11:29 am
  20. Kuruganti Events on February 4, 2018 at 12:39 am
  21. bing ads money back consultant on February 16, 2018 at 4:12 am
  22. 主页 on March 10, 2018 at 10:56 am
  23. warehouses for sale on March 18, 2018 at 8:28 am
  24. Digital Corporate Reputation Management Solutions on April 8, 2018 at 11:57 pm
  25. PK Studies in Mice on May 17, 2018 at 1:35 pm
  26. free forex signals on June 4, 2018 at 9:17 pm
  27. In vitro CYP450 inhibition on June 19, 2018 at 4:58 pm
  28. tes cpns tahun 2018 on June 26, 2018 at 4:19 am
  29. cheap online viagra on July 5, 2018 at 1:17 am
  30. sportsbook on July 16, 2018 at 4:31 am
  31. bitcoin-casino.review on July 18, 2018 at 6:15 am
  32. check my source on July 23, 2018 at 3:04 am
  33. Free UK Chat Rooms on August 15, 2018 at 6:58 am

Older Posts

Submit a News Story
We will thank you for your submission using this alias
Sending