-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
63 lines (61 loc) · 2.63 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<!DOCTYPE html>
<html>
<head>
<title>PS4 Auto GoldHen Host by #David127! para 9.00 FW</title>
<link rel="stylesheet" href="./style.css">
<script src="int64.js"></script>
<script src="rop.js"></script>
<script src="kexploit.js"></script>
<script src="webkit.js"></script>
</head>
<body onload="setTimeout(poc, 50);">
<script>
if (window.applicationCache.status=='0'){window.location.replace("cache.html");}
</script>
<h1 id="msgs">PS4 Auto GoldHen Host by #David127! para 9.00 FW</h1>
<hr>
<br>
<div id="jb-progress">
<h1 style="font-size: 30px;margin-top: 77px;margin-bottom: 455px;">Lanzando GoldHEN. Por favor espere...</h1>
</div>
<div id="main-section" style="display: none">
<h1 id=msgs2 style="font-size: 30px;margin-top: 77px;margin-bottom: 391px;">Lanzando GoldHEN. Por favor espere...</h1>
<br>
</div>
<h1 style="margin-top: 43px;color: yellow;">HOST BY:<a href="https://t.me/david_0127" style="color: #00fbfe;margin-left: 10px;">@#David127!</a></h1>
<h1 style="margin-top: 43px;color: yellow;">Agradecimiento especial:<a href="https://twitter.com/sleirsgoevy" style="color: #f31414;margin-left: 10px;">@sleirsgoevy</a><a style="color: white;margin-left: 10px;">ChendoChap</a><a href="https://twitter.com/SpecterDev" style="color: #f31414;margin-left: 10px;">@SpecterDev</a><a style="color: white;margin-left: 10px;">SiSTR0</a><a href="https://twitter.com/Znullptr" style="color: #f31414;margin-left: 10px;">@Znullptr</a><a style="color: white;margin-left: 10px;">Y a más desarrolladores...</a></h1>
<script>
function allset(){
msgs2.innerHTML="GoldHEN";
}
function load_poc(){
var req = new XMLHttpRequest();
req.responseType = "arraybuffer";
req.open('GET', PLfile);
req.send();
req.onreadystatechange = function () {
if (req.readyState == 4) {
PLD = req.response;
var payload_buffer = chain.syscall(477, 0, PLD.byteLength*4 , 7, 0x1002, -1, 0);
var pl = p.array_from_address(payload_buffer, PLD.byteLength*4);
var padding = new Uint8Array(4 - (req.response.byteLength % 4) % 4);
var tmp = new Uint8Array(req.response.byteLength + padding.byteLength);
tmp.set(new Uint8Array(req.response), 0);
tmp.set(padding, req.response.byteLength);
var shellcode = new Uint32Array(tmp.buffer);
pl.set(shellcode,0);
var pthread = p.malloc(0x10);
chain.call(libKernelBase.add32(OFFSET_lk_pthread_create), pthread, 0x0, payload_buffer, 0);
allset();
}
};
}
function jbdone(){
document.getElementById("main-section").style.display = "block";
document.getElementById("jb-progress").style.display = "none";
PLfile = "goldhen.bin";
setTimeout(load_poc, 500);
}
</script>
</body>
</html>