PPPwn User Interface
PPPwnUI Release 4.1
PPPwnUI is a program written in Python that adds a UI to the PPPwn exploit created by TheFlow.
git clone https://github.com/B-Dem/PPPwnUI
pip install -r requirements.txt
Launch the app
Windows:
PPPwnUI.bat
Linux:
chmod +x PPPwnUI.sh
Then:
./PPPwnUI.sh
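Select your interface using the drop-down menu
Choose the exploit version you want to use (PPPwn Python, PPPwn_Go)
Choose your payload:
PPPwn: (available for: 7.00, 7.01, 7.02, 7.50, 7.51, 7.55, 8.00, 8.01, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 9.50, 9.51, 10.71 and 11.00)
PPPwn Goldhen payloads: (available for: 9.00, 9.60, 10.00, 10.01 and 11.00)
VTX HEN: (available for: 7.55, 8.00, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 10.00, 10.01, 10.50, 10.70, 10.71 and 11.00)
PPPwn Linux payloads: (available for: 11.00)
Custom payloads: (your own custom payloads)
Then click "Start PPPwn" to start the exploit.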
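On your PS4:
Go to Settings, then Network
Select Set Up Internet connection and choose Use a LAN Cable
Choose Custom setup and choose PPPoE for IP Address Settings
Enter PPPoE User ID and PPPoE Password
Choose Automatic for DNS Settings and MTU Settings
Choose Do Not Use for Proxy Server
Click Test Internet Connection to communicate with your computer
If the exploit fails or the PS4 crashes, you can skip the internet setup and simply click Test Internet Connection. If the script fails or is stuck waiting for a request/response, abort it and run it again on your computer, then click Test Internet Connection on your PS4.
On your computer:
Copy goldhen.bin to the root directory of an exfat/fat32 USB drive and insert it into your PS4.
[+] PPPwn - PlayStation 4 PPPoE RCE by theflow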
[+] args: interface=enp0s3 fw=1100 stage1=stage1/stage1.bin stage2=stage2/stage2.bin
[+] Using PPPwnUI By Memz !
[+] STAGE 0: Initialization
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 07:ba:be:34:d6:ab
[+] AC cookie length: 0x4e0
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[ * ] Waiting for interface to be ready...
[+] Target IPv6: fe80::2d9:d1ff:febc:83e4
[+] Heap grooming...done
[+] STAGE 1: Memory corruption
[+] Pinning to CPU 0...done
[ * ] Sending malicious LCP configure request...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[+] Scanning for corrupted object...found fe80::0fdf:4141:4141:4141
[+] STAGE 2: KASLR defeat
[ * ] Defeating KASLR...
[+] pppoe_softc_list: 0xffffffff884de578
[+] kaslr_offset: 0x3ffc000
[+] STAGE 3: Remote code execution
[ * ] Sending LCP terminate request...
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 97:df:ea:86:ff:ff
[+] AC cookie length: 0x511
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Triggering code execution...
[ * ] Waiting for stage1 to resume...
[ * ] Sending PADT...
[ * ] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634be9200
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] AC cookie length: 0x0
[ * ] Sending PADO...
[ * ] Waiting for PADR...
[ * ] Sending PADS...
[ * ] Waiting for LCP configure request...
[ * ] Sending LCP configure ACK...
[ * ] Sending LCP configure request...
[ * ] Waiting for LCP configure ACK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure NAK...
[ * ] Waiting for IPCP configure request...
[ * ] Sending IPCP configure ACK...
[ * ] Sending IPCP configure request...
[ * ] Waiting for IPCP configure ACK...
[+] STAGE 4: Arbitrary payload execution
[ * ] Sending stage2 payload...
[+] Done !
This program was originally made with ❤️ by Memz for Sighya.
If you find the program helpful, leave a star on the repository!
If you have any feedback, open an issue!