Vip222K

[murder_face]

So I got bored this morning and decided to connect my VIP222k set-top box to my network and play with it. After a quick portscan I found port 554(RTSP) open. I tried connecting via telnet and it connects, but that's about it. Googled RTSP exploits and all I can find are exploits on specific RTSP clients. Tried connecting from my browser (rtsp://xxx.xxx.xxx.xxx) and It wants totem to open the link, but that doesn't work.

I'm not trying to steal services or anything like that. I just thought it would be fun to poke around my box. Any suggestions?

[murder_face]

So I got bored and did some more poking around from my phone and I also found that port 49200 is open which is UPnP. I did some reading and basic speculation is that this port was opened for GoogleTV, which would be kind of cool because then I would be able to stream directly to my set top box instead of using my wii/smb.

Someone else also suggested that it might be because the box is a "duo" model and the two open ports that I found are what let it "stream" to a separate TV rather than using Picture In Picture.

Some other things that I read said that it might be related to STBH(Set Top Box Health). The only depressing thing about that is from what I read is that STBH is one way.

Another post that I read pointed me to an xml file( yeah i read a lot). that gives me all of the basics of the box. The keywords that I picked up from this were ROOT and MEDIASERVER.

I am by no means a "hacker" or programmer for some reason I just have a great interest in this and wouldn't mind a poke in the right direction. Actually I would rather have some direction rather than the any answers just given to me.

<root><specVersion><major>1</major><minor>0</minor></specVersion><device><deviceType>urn:schemas-upnp-org:device:MediaServer:1</deviceType><friendlyName>ViP222k XXXXXXXXXXX</friendlyName><manufacturer>Dish Network</manufacturer><manufacturerURL>dishnetwork.com</manufacturerURL><modelDescription>ViP222k</modelDescription><modelName>ViP222k</modelName><modelNumber>ViP222k</modelNumber><modelURL>dishnetwork.com</modelURL><serialNumber>R0111503116</serialNumber><UDN>uuid:c4f6b31b-c6bf-4759-886f-06a5670ccba0</UDN><serviceList><service><serviceType>urn:schemas-echostar-com:service:EchoSTB:1</serviceType><serviceId>urn:upnp-org:serviceId:EchoSTB</serviceId><controlURL>/upnp/control/EchoSTB1</controlURL><eventSubURL>/upnp/event/EchoSTB1</eventSubURL><SCPDURL>/EchoSTB_SCPD.xml</SCPDURL></service><service><serviceType>urn:schemas-echostar-com:service:EchoSTB:2</serviceType><serviceId>urn:echostar-com:serviceId:EchoSTB_2</serviceId><controlURL>/upnp/control/EchoSTB2</controlURL><eventSubURL>/upnp/event/EchoSTB2</eventSubURL><SCPDURL>/EchoSTB2_SCPD.xml</SCPDURL></service></serviceList></device><URLBase>

http://192.168.1.3:49200/</URLBase></root>