http://ps3.shimpinomori.net/index_en.html

I'm not really interested in the PS3 as much as I am the methodology. If any of you guys manage to pull it off, please post how you did it after you have sent your email and whatnot.


So far I can tell it's running telnet, ftp, http, pop3 and NetBIOS-ssn, which are all running on the standard ports for those services.

- Kyran

Eesh... none of those are particularly secure. It's weird he said don't own other machines on the network. A lot of the attacks against telnet, and FTP are man in the middle/sniffing. Interesting.

Well a quick look he got more than 1600 ports open :)

i did notice this:

http://shimpinomori.net/cgi-bin/index.cgi

i noticed that the WWW-Authenticate header is "Basic" so that means a simple base64() encoding, it's a potential hole. Cuzz you could tamper the header, or overflow it's maxlength of 351 chars (if i remeber correctly). dunno if that is allowed?

ah it sucks!
i don't have the time now to take a good look.

I doubt that's allowed as that site isn't on the PS3/ps3 subdomain?

- Kyran

It's a subdomain, so it must be running on the same box. check IP it renders the same. If i gain access to root i got the sub as well :)

But, i'm just back home and 2 tired, maybe i give it a shot tommorow when the dust settles. i ain't giving it a big chance though, cause they locked everything down on the http/d level, so a few possible methods remain.

This is weird, i think it's just a big scam. it must be a honeypot, there are too many ports listening on that box, and when you connect it kicks you out.

For example:

I tryed to telnet to the identd port (113)
I Got in, but when you run commands it kicks you right out.
Same with other ports.

I Ain't gonna waste my time anymore on this box.

There are actually only 3 ports open on the box. The rest are spoofed to put you off.
The 3 ports open are 22 (SSH), 80 (http (some sort read only, edit via ssh thing)) and 113 (ident)

The PS3 is running the FC5. So you pretty much won't be able to get in without owning another machine on the network. So its good for the person with the idea as they gain revenue from ads (i guess they have them)

Yeah that's weird isn't it?

but 443 (ssl) is open to i saw?
FC5? damn fedora.

Ah, this is pretty lame contest if you ask me,
how on earth is anyone going to root that box?

The Playstation 3 hacking challenge is over! Sorry, nobody managed to hack into the PS3, despite tremendous efforts. Now, the good news is that Kaede gets to keep her Playstation 3.

Who would have guessed, cheater.