vitasploit - Exploitation Framework
Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
Mooliecool
- Posts: 101
- Joined: Wed Apr 01, 2015 9:45 pm
Re: vitasploit - Exploitation Framework
I can't get it to run, I installed capstone, python2.7 and then I run server.py and get nothing. Any idea whats wrong?
Vita FAT 3.50 EU 3G/WIFI PHP ARK-2 APE TN-V11
Vita Slim 3.36 HK WIFI OFW
[Traded]TV 3.15 TN-X Patched
PSP 3000 4G 6.20 PRO B8
Re: vitasploit - Exploitation Framework
smithsf0x wrote: As mentioned above, the vitasploit for 3.30-3.36 is WIP. I looked over it and with some changes I got the initMemHole and some others to work, but there are still some problems.
Stay patient till Hykem and I get enough time to fix the things : )
(I should have time in two weeks or so / I don't know about Hykem)
### I may upload my "work" to github ###

Thanks for the info!
Btw I got the initMemHole (only that) working by using an old vita33x folder I found and changing some things.
P.S: It's funny to think that I used a PS Vita for this post.
Last edited by bollafa on Tue Jun 02, 2015 8:58 pm, edited 1 time in total.
Re: vitasploit - Exploitation Framework
Mooliecool wrote: I can't get it to run, I installed capstone, python2.7 and then I run server.py and get nothing. Any idea what's wrong?

Do you get the message "Listening at X.X.X.X:8888"? If you don't, check whether a firewall is restricting it and/or type "python" at the cmd prompt to check that your paths are set up correctly.
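The two checks suggested in the reply above (is the interpreter/module path right, can the server actually bind its port) can be scripted. The following is an added example and not part of vitasploit or of anything posted in this thread; it only assumes what the thread says, namely that server.py reports "Listening at X.X.X.X:8888" and depends on capstone. It tries to bind the port the way a server would and classifies the failure, and reports whether the required module is importable by the interpreter that runs it.

```python
# Added example, not vitasploit code. Assumes: server.py listens on TCP 8888
# (from the "Listening at X.X.X.X:8888" message quoted in the thread) and
# needs the capstone module importable by the interpreter you start it with.
import errno
import importlib
import socket
import sys

VITASPLOIT_PORT = 8888          # port named in the thread
REQUIRED_MODULES = ("capstone",)  # dependency named in the thread


def module_available(name):
    """Return True if `name` can be imported by this interpreter.

    A False here with the module "installed" usually means the install went
    into a different Python than the one on PATH (the paths problem from the
    thread).
    """
    try:
        importlib.import_module(name)
        return True
    except ImportError:
        return False


def port_status(host, port):
    """Attempt a bind on host:port exactly as a listening server would.

    Returns "free", "in use", "permission denied" or "error: <detail>".
    A server that silently exits without printing its listening banner is
    frequently hitting one of the non-free cases.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "free"
    except socket.error as e:   # alias of OSError on Python 3, works on 2.7 too
        if e.errno == errno.EADDRINUSE:
            return "in use"
        if e.errno == errno.EACCES:
            return "permission denied"
        return "error: %s" % e
    finally:
        sock.close()


def diagnose(host="0.0.0.0", port=VITASPLOIT_PORT, modules=REQUIRED_MODULES):
    """Collect every check into a dict so the result can be inspected or tested."""
    report = {
        "python_version": "%d.%d" % sys.version_info[:2],
        "port_%d" % port: port_status(host, port),
    }
    for name in modules:
        report["module_" + name] = module_available(name)
    return report


if __name__ == "__main__":
    # Run with the same interpreter you use for server.py, e.g. `python check.py`.
    for key, value in sorted(diagnose().items()):
        print("%-16s %s" % (key, value))
```

A "free" port together with an importable capstone narrows the problem down to the firewall or the client side; "in use" means a stale server.py (or something else) is already holding 8888.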
Re: vitasploit - Exploitation Framework
bollafa wrote: Thanks for the info!
Btw I got the initMemHole (only that) working by using an old vita33x folder I found and changing some things.
P.S: It's funny to think that I used a PS Vita for this post.

Yea, it looks like the external files weren't included. We now get some "informational" *lol* text on the Vita.
The whole exploit still isn't working, but I hope Hykem gets some time to work on it : )

Re: vitasploit - Exploitation Framework
A bit inconsistent to trigger but working

Re: vitasploit - Exploitation Framework
smithsf0x wrote: The Exploit is working on 3.36
A bit inconsistent to trigger but working

Sweet! Will you be able to launch the package installer again with this? Even more exploits incoming?
Re: vitasploit - Exploitation Framework
I apologize for the delay, but thanks to smithsf0x's testing the exploit is finally working on firmware 3.36. The shell is a bit buggy, but it works for now.
After dumping the relevant modules, I'll start implementing the necessary functions to reach the same level of the old exploit.
The changes have been committed to the vitasploit's repository.
Enjoy!
Re: vitasploit - Exploitation Framework
provista wrote: Sweet! Will you be able to launch the package installer again with this? Even more exploits incoming?

Hykem says yes (after dumping some modules).
I will try to start dumping some modules when I find enough time.

Re: vitasploit - Exploitation Framework
Just added support for firmware version 2.05 to vitasploit thanks to Proxima.
Enjoy!
Re: vitasploit - Exploitation Framework
Hi, thank you all for your work and for sharing it.
I'm trying to find offsets for 3.35. (I should update to 3.36, but it will be less... interesting.)
I have found the SceWebKit module and got the module import info from it.
So I have two offsets: scewkbase_off and scelibcentry_off,
but no success finding the SceLibc module with scanm, so the scelibcbase_off offset is missing.
Is there any way to get an address closer to the SceLibc module (and others)? In which address range should I look for it?
The exploit often crashes and I'm not sure I'm following the right way.