Exploit Hosting
Credits to this repo by al-azif.
NOTE
What is this?
This is an easy way for anyone to host their own exploit for the PS4/PS5/Vita/Wii/Switch/etc on their LAN. Features include:
- Hosts your choice of exploit
- Allows caching of exploits for offline use (Device dependent)
- Sends your choice of payload after a successful exploit
- Blocks update/telemetry domains from resolving
- Serves a specific firmware update to your device (Device dependent)
- Server side application works on just about every platform
- Static website builder. Compiles the host into a static website to run on the HTTP server of your choice (You lose some features using this method: DNS, updater, etc)
Requirements
If you are not using a binary release you will need Python 3.
Root privileges on non-Windows machines.
How to download?
Download the zip on the releases page
Download with Git, be sure to grab the submodules. This does not include any exploits or payloads. This is for experts only, download a release if you have issues.
git clone --recursive https://github.com/Al-Azif/ps4-exploit-host.git
How to run?
- Download the files (As shown in the "How to download" section above).
- Double click the executable (exploit-host.exe, exploit-host.py, etc). If it starts with no errors, note the IP given.
  - Alternatively run it from the command line (exploit-host.exe, ./exploit-host, python exploit-host.py, etc)
  - If you are not root when running on a non-Windows machine you need to use sudo
- Follow the "Using remote DNS" section, substituting the IP noted in the previous step for both the primary and secondary DNS IP addresses.
- When done use Ctrl+C to cleanly close the application.
Running on Raspberry Pi
While the "How to run" section applies to the Pi as well, there are some more complex options people may want to use on the Pi, like running without any network whatsoever.
Modifying settings.json
It's a good idea to make a backup of the default settings.json just in case. Any invalid settings will throw a warning and use a default value.
Use valid JSON formatting. Boolean values should be lower case, integers should not be quoted, etc.
| Setting | Notes | Type |
|---|---|---|
| Debug | Will print debug info from the DNS/HTTP servers | boolean |
| Root_Check | Will skip the root user check for Linux/OSX, only disable if you are sure you don't need it. Will cause port errors if set wrong | boolean |
| Public | If the server is listening on a public IP (Disables payload sending other than "Auto_Payload" and disables viewing/editing settings remotely) | boolean |
| DNS | If the DNS server should be run | boolean |
| HTTP | If the HTTP server should be run | boolean |
| HTTPS | If the HTTPS server should be run | boolean |
| DNS_Interface | The IP of the interface to bind the DNS server to | string (IP Address) |
| DNS_Port | The port to bind the DNS server to | int (1-65535) |
| HTTP_Interface | The IP of the interface to bind the HTTP server to | string (IP Address) |
| HTTP_Port | The port to bind the HTTP server to | int (1-65535) |
| HTTPS_Interface | The IP of the interface to bind the HTTPS server to | string (IP Address) |
| HTTPS_Port | The port to bind the HTTPS server to | int (1-65535) |
| Compression_Level | Enables gzip compression on the HTTP server, 0 being disabled, 9 being most compressed | int (0-9) |
| UA_Check | If the UA should be checked against values in the Valid_UA setting | boolean |
| Theme | Which theme to use, themes must be located in the themes folder | string |
| Sticky_Cache | Whether the appcache manifest should be included in itself or not | boolean |
| Auto_Payload | Payload to send to any IP that accesses server at /success. Payload must be in the payloads folder | string |
| Payload_Timeout | The timeout, in seconds, to try and send a payload through the payload menu before timing out | int (1-999) |
| DNS_Rules [Redirect IP] | The IP address to redirect URLs listed in the Redirect rules to | string (IP Address) |
| DNS_Rules [Redirect] | Array of domains to forward to DNS_Rules [Redirect IP] | array of strings (regex) |
| DNS_Rules [Block] | Array of domains to block | array of strings (regex) |
| DNS_Rules [Pass_Through] | Array of IP addresses to not modify DNS requests | array of strings (IP Address) |
| Valid_UA | User-Agents to allow access to exploits, only used if UA_Check is enabled | array of strings (regex) |
| Update [PS4_No_Update] | The PS4 version (and lower) listed here will not be served update files | float |
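
The type rules in the table above can be checked before starting the host, so a quoted port or a broken regex is caught instead of silently falling back to a default. This is an added example, not the project's own validation code: it covers only the top-level settings whose types can be checked, the names `SCHEMA`, `SAMPLE` and `check_settings` are illustrative, and the sample input is constructed.

```python
import ipaddress
import json
import re

# Top-level settings from the table: name -> (kind, low, high).
SCHEMA = {"Compression_Level": ("int", 0, 9), "Payload_Timeout": ("int", 1, 999),
          "Valid_UA": ("regexes",)}
SCHEMA.update(dict.fromkeys(("DNS_Port", "HTTP_Port", "HTTPS_Port"), ("int", 1, 65535)))
SCHEMA.update(dict.fromkeys(("DNS_Interface", "HTTP_Interface", "HTTPS_Interface"), ("ip",)))
SCHEMA.update(dict.fromkeys(("Debug", "Root_Check", "Public", "DNS", "HTTP", "HTTPS",
                             "UA_Check", "Sticky_Cache"), ("bool",)))
# Constructed sample input, not the project's default file.
SAMPLE = ('{"Debug": false, "HTTP_Port": "80", "Compression_Level": 12,'
          ' "DNS_Interface": 53, "Valid_UA": ["PlayStation 4", "("]}')

def _reason(kind, value, bounds):
    """Return None if value matches the table's type, else a short reason."""
    if kind == "bool":
        return None if isinstance(value, bool) else "expected true or false"
    if kind == "int":  # bool is a subclass of int in Python, so reject it too
        if isinstance(value, bool) or not isinstance(value, int):
            return "expected an unquoted integer"
        return None if bounds[0] <= value <= bounds[1] else f"outside {bounds[0]}-{bounds[1]}"
    if kind == "ip":
        try:  # ip_address() also accepts bare integers, so require a string
            ipaddress.ip_address(value if isinstance(value, str) else "")
        except ValueError:
            return "expected an IP address string"
        return None
    if not isinstance(value, list) or not all(isinstance(p, str) for p in value):
        return "expected an array of strings"
    for pattern in value:  # kind == "regexes": every entry must compile
        try:
            re.compile(pattern)
        except re.error as exc:
            return f"bad regex {pattern!r}: {exc}"
    return None

def check_settings(text):
    """Return a list of problems found in the text of a settings.json file."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(settings, dict):
        return ["top level must be a JSON object"]
    found = ((n, _reason(k, settings[n], b)) for n, (k, *b) in SCHEMA.items() if n in settings)
    return [f"{name}: {why}" for name, why in found if why]
```

Calling `check_settings(SAMPLE)` returns one message per bad setting; an empty list means every checked setting matches the table.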
About offline caching and Autoloading
More about that can be found on the repo linked at the start.