# PPPwnUI

PPPwnUI is a program made in Python that adds a UI to the exploit [PPPwn](https://github.com/TheOfficialFloW/PPPwn/) created by [TheFlow](https://github.com/TheOfficialFloW/).

## Installation :

- Clone the repository:

```sh
git clone https://github.com/B-Dem/PPPwnUI
```

- Install the requirements:

```sh
pip install -r requirements.txt
```

## Usage :

- Launch the app with

**Windows :**

```
PPPwnUI.bat
```

**Linux :**

```sh
chmod +x PPPwnUI.sh
```

Then :

```sh
./PPPwnUI.sh
```

- Select your interface using the drop-down menu
- Choose the exploit version you want to use ([PPPwn Python](https://github.com/TheOfficialFloW/PPPwn), [PPPwn_Go](https://github.com/BestPig/PPPwn_go))
- Choose your payload from:
  - **PPPwn** : (Available for : 7.00, 7.01, 7.02, 7.50, 7.51, 7.55, 8.00, 8.01, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 9.50, 9.51, 9.60, 10.00, 10.01, 10.50, 10.70, 10.71 & 11.00)
  - **PPPwn Goldhen** Payloads : (Available for : 9.00, 9.60, 10.00, 10.01 & 11.00)
  - **VTX HEN** : (Available for : 7.55, 8.00, 8.03, 8.50, 8.52, 9.00, 9.03, 9.04, 10.00, 10.01, 10.50, 10.70, 10.71 & 11.00)
  - **PPPwn Linux Payloads** : (Available for : 11.00)
  - **Custom Payloads** : (Your own custom payloads)
- Then click on **Start PPPwn** to start the exploit.

## PPPwn Usage :

On your PS4:

- Go to `Settings` and then `Network`
- Select `Set Up Internet connection` and choose `Use a LAN Cable`
- Choose `Custom` setup and choose `PPPoE` for `IP Address Settings`
- Enter anything for `PPPoE User ID` and `PPPoE Password`
- Choose `Automatic` for `DNS Settings` and `MTU Settings`
- Choose `Do Not Use` for `Proxy Server`
- Click `Test Internet Connection` to communicate with your computer

If the exploit fails or the PS4 crashes, you can skip the internet setup and simply click on `Test Internet Connection`.
If the script fails or is stuck waiting for a request/response, abort it and run it again on your computer, and then click on `Test Internet Connection` on your PS4.

## Goldhen Usage :

On your computer:

- Copy `goldhen.bin` to the root directory of an exFAT/FAT32 USB drive and insert it into your PS4.

## Example run :

```sh
[+] PPPwn - PlayStation 4 PPPoE RCE by theflow
[+] args: interface=enp0s3 fw=1100 stage1=stage1/stage1.bin stage2=stage2/stage2.bin
[+] Using PPPwnUI By Memz !

[+] STAGE 0: Initialization
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 07:ba:be:34:d6:ab
[+] AC cookie length: 0x4e0
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...
[*] Waiting for interface to be ready...
[+] Target IPv6: fe80::2d9:d1ff:febc:83e4
[+] Heap grooming...done

[+] STAGE 1: Memory corruption
[+] Pinning to CPU 0...done
[*] Sending malicious LCP configure request...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...
[+] Scanning for corrupted object...found fe80::0fdf:4141:4141:4141

[+] STAGE 2: KASLR defeat
[*] Defeating KASLR...
[+] pppoe_softc_list: 0xffffffff884de578
[+] kaslr_offset: 0x3ffc000

[+] STAGE 3: Remote code execution
[*] Sending LCP terminate request...
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634beba00
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] Source MAC: 97:df:ea:86:ff:ff
[+] AC cookie length: 0x511
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Triggering code execution...
[*] Waiting for stage1 to resume...
[*] Sending PADT...
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffabd634be9200
[+] Target MAC: xx:xx:xx:xx:xx:xx
[+] AC cookie length: 0x0
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...

[+] STAGE 4: Arbitrary payload execution
[*] Sending stage2 payload...
[+] Done!
```

## To do :

- Rebuild PPPwn_CPP to use Interface Name and not ID
- Auto Updater

This program was originally made with ❤️ by [Memz](https://github.com/B-Dem) for [Sighya](https://sighya.fr).
If you find this program helpful, leave a star on the repo! And if you have any feedback, open an issue!