Xbox One Symbolic Link Exploit


  1. BIG-TED said:

    Xbox One Symbolic Link Exploit

    We have a little bit more, not enough for a full-blown open exploit at present, but it's a chink in the armour. As posted before, if you are on the latest dash, nothing for you at this time.

    Xenomega released an exploit that allows us to get access (browse/read/write) to encrypted mounted virtual harddisk Xbox One partitions, in alliance with symlinks.

    Xbox One Symbolic Link Exploit


    Access restricted/encrypted volumes using the Xbox File Explorer.


    Patched as of 5/5/2017: 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052). Thus in accordance with responsible disclosure.

    The Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted.
    This includes any encrypted virtual harddisk partitions (XVD files) which the console mounts for content such as gamesaves, etc.

    Prerequisites:

    Download Windows Server 2003 Resource Kit Tools, from which you'll need the "linkd" utility, as the program relies on it to create links, since mklink does not link to paths that do not exist, and the paths we intend to link to are likely non-existent on your computer.

    Instructions:

    1. Change the drive letter to your USB drive letter in Program.cs
    2. Run it
    3. Plug it into Xbox, use File Browser to browse through the symlinks, which will link to other parts of the system.


    Ted
    Run your wife a nice hot bath, light some candles & pour some wine. Then you've at least 40 mins on the xbox plus a clean wife.

    Experts... x is an unknown quantity and spurt is a fast drip.
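
The check the quoted write-up says was missing (a file browser that follows links found on removable media), shown from the fixing side as an added example; it is not part of the original post or of Xenomega's release. The function names `is_link`, `safe_listing` and `demo`, and the sample directory tree, are constructed for illustration.

```python
import os
import stat
import tempfile

# Attribute bit set on Windows symlinks and junctions (the kind linkd creates).
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)

def is_link(path):
    """True if path itself is a symlink or, on Windows, any reparse point."""
    st = os.lstat(path)  # lstat inspects the entry itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return True
    return bool(getattr(st, "st_file_attributes", 0) & REPARSE)

def safe_listing(root):
    """Walk root without following links; return (files, rejected entries)."""
    root = os.path.realpath(root)
    files, rejected = [], []
    stack = [root]
    while stack:
        current = stack.pop()
        for name in sorted(os.listdir(current)):
            path = os.path.join(current, name)
            if is_link(path):
                rejected.append(os.path.relpath(path, root))
                continue
            # Defence in depth: the resolved path must still sit under root.
            real = os.path.realpath(path)
            if os.path.commonpath([root, real]) != root:
                rejected.append(os.path.relpath(path, root))
                continue
            if os.path.isdir(path):
                stack.append(path)
            else:
                files.append(os.path.relpath(path, root))
    return sorted(files), sorted(rejected)

def demo():
    """Constructed sample: a 'usb' tree with one real file and one link out."""
    base = tempfile.mkdtemp()
    usb = os.path.join(base, "usb")
    restricted = os.path.join(base, "restricted")
    os.makedirs(os.path.join(usb, "media"))
    os.makedirs(restricted)
    open(os.path.join(usb, "media", "clip.txt"), "w").close()
    open(os.path.join(restricted, "save.dat"), "w").close()
    os.symlink(restricted, os.path.join(usb, "link_out"), target_is_directory=True)
    return safe_listing(usb)
```

The link entry is reported and never descended into, so nothing under the constructed `restricted` directory appears in the listing.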
     
  2. piggzy said:

    Re: Xbox One Symbolic Link Exploit

    I no longer see a viable exploit on the Xbox One before the next gen hardware is released.

    They did a fucking good job and credit to em..... bastards !
     
  3. BIG-TED said:

    Re: Xbox One Symbolic Link Exploit

    If they found something I imagine it would be kept quiet in case it could be carried to the new one and not patched.
    Just speculation you understand.
