Hacking Self-hosted payloads with only static HTML

Glix · Jul 23, 2016

simbin said:
kexploit10.mp4 Illuminati thing right?

I had that working a few times and thought it was finally all good - but then it started freezing too

It's true - I have more success loading kexploit10.mp4 Illuminati but it freezes a bunch too. I can't seem to get hbl.mp4 or loadiine.mp4 working again. I noticed the faster I load kexploit10.mp4 from the browser, the higher success rate. It just seems like timing is off, perhaps it's on my OpenWrt. I'm just using a WRT54G router with 2MB flash and since PHP5 failed I lost most of my space until I reflash ugh

Online exploit is working but I don't want to rely on that long-term. May end up compiling a new OpenWrt kernel with lighttpd and try the php method if I can squeeze it on there.

Yeah sorry I can't comment on whether your router is beefy enough, I'm using a WD N750, with the payloads I linked earlier which are just the subset (and kexploit) of the packages drizz uploaded. It doesn't need php as it uses Javascript to redirect to the correct package, if you are having trouble maybe stripping the pages right down so they have literally just hyperlinks, ie remove the css, the table and rip out all the invalid entries that don't match your setup in the Javascript if else.

You've motivated me to fix up that web page, so I have:

Github: https://github.com/asthemic/wiiu-payloads
Download: https://github.com/asthemic/wiiu-payloads/archive/master.zip

Wii U browser doesn't support flex properly even on 5.5.1. Although the developer interface for the browser they have is cool but needs net access to work.

Those on lower firmwares might want to make sure their necessary payloads are there.

simbin · Jul 24, 2016

Glix said:
Yeah sorry I can't comment on whether your router is beefy enough, I'm using a WD N750, with the payloads I linked earlier which are just the subset (and kexploit) of the packages drizz uploaded. It doesn't need php as it uses Javascript to redirect to the correct package, if you are having trouble maybe stripping the pages right down so they have literally just hyperlinks, ie remove the css, the table and rip out all the invalid entries that don't match your setup in the Javascript if else.

You've motivated me to fix up that web page, so I have:

Github: https://github.com/asthemic/wiiu-payloads
Download: https://github.com/asthemic/wiiu-payloads/archive/master.zip

Wii U browser doesn't support flex properly even on 5.5.1. Although the developer interface for the browser they have is cool but needs net access to work.

Those on lower firmwares might want to make sure their necessary payloads are there.

So is it .bin or .mp4 payloads that are getting used? I've been trying the .mp4 because I thought the .bins were for PHP only.

Yeah my router is old. I've stripped everything down so it's just www - plenty of RAM and CPU open. The storage is only 2MB - Part of that gets used for the OpenWrt kernel, so it's a magic trick squeezing everything on there.

Thanks for your help!

Glix · Jul 24, 2016

simbin said:
So is it .bin or .mp4 payloads that are getting used? I've been trying the .mp4 because I thought the .bins were for PHP only.

Yeah my router is old. I've stripped everything down so it's just www - plenty of RAM and CPU open. The storage is only 2MB - Part of that gets used for the OpenWrt kernel, so it's a magic trick squeezing everything on there.

Thanks for your help!

For 5.5.1 you only need:
www/index.html
www/kexploit31/index.html
www/kexploit31/payload550.mp4
www/homebrew_launcher/index.html
www/homebrew_launcher/payload550.mp4
www/loadiine_gx2/index.html
www/loadiine_gx2/payload550.mp4
www/css/common.min.css
www/css/component.min.css
(9 Files, 4 Folders)
Size: 138 KB (141,672 bytes)
Size on Disk (4k cluster): 168 KB (172,032 bytes)

There is some unused css, but it's only 2kb at the moment.
I believe the bin's are just there to show where the mp4's came from (if you view the contents of code550/bin and payload550.mp4, you can see the video padding added to the top and bottom of the file).

simbin · Jul 24, 2016

Glix said:
For 5.5.1 you only need:
www/index.html
www/kexploit31/index.html
www/kexploit31/payload550.mp4
www/homebrew_launcher/index.html
www/homebrew_launcher/payload550.mp4
www/loadiine_gx2/index.html
www/loadiine_gx2/payload550.mp4
www/css/common.min.css
www/css/component.min.css
(9 Files, 4 Folders)
Size: 138 KB (141,672 bytes)
Size on Disk (4k cluster): 168 KB (172,032 bytes)

There is some unused css, but it's only 2kb at the moment.
I believe the bin's are just there to show where the mp4's came from (if you view the contents of code550/bin and payload550.mp4, you can see the video padding added to the top and bottom of the file).

Thanks for listing everything. kexploit31 just freezes on me. kexploit10 is probably the most consistent but it still freezes a lot. And even when it loads, there's a 95% chance HBL will fail. Not sure what to try next - for now I scratch my head..

Glix · Jul 24, 2016

simbin said:
Thanks for listing everything. kexploit31 just freezes on me. kexploit10 is probably the most consistent but it still freezes a lot. And even when it loads, there's a 95% chance HBL will fail. Not sure what to try next - for now I scratch my head..

I remember that when kexploit31 first came out, there was another version needed for EU, and I'm guessing drizz will also be on an EU WiiU. I'll see if I can spot what was difference. For me kexploit31 goes straight to the green illuminati screen, then closes, and then I load the browser again choosing homebrew or loadiine.

If you want to give it a bash, the original launch was here: https://gbatemp.net/threads/tutoria...server-loadiine-homebrew-launcher-etc.424948/

You could try converting the appropriate bin's to mp4 and see if you have better luck with those.

JimmyZ · Jul 26, 2016

simbin said:
Online exploit is working but I don't want to rely on that long-term. May end up compiling a new OpenWrt kernel with lighttpd and try the php method if I can squeeze it on there.

I think I've got into very similar situations here, loadiine.ovh works but self hosting fails, 5.5.1, Wii U freeze on loading mp4, see if my workaround helps:

https://github.com/dimok789/loadiine_gx2/issues/134#issuecomment-234660246

you can save mp4 from loadiine.ovh on your desktop browser, just navigate to http://loadiine.ovh/index.php?l=551 -> click submit -> right click -> save as

simbin · Jul 26, 2016

JimmyZ said:
I think I've got into very similar situations here, loadiine.ovh works but self hosting fails, 5.5.1, Wii U freeze on loading mp4, see if my workaround helps:

https://github.com/dimok789/loadiine_gx2/issues/134#issuecomment-234660246

you can save mp4 from loadiine.ovh on your desktop browser, just navigate to http://loadiine.ovh/index.php?l=551 -> click submit -> right click -> save as

It worked the first time and like usual I got excited. Second time.. freeze. Third time.. freeze. Fourth time.. freeze.. It always seems to be the same way once I get one that works - it works once. The MD5 from loadiine.ovh is different from the others I've downloaded though.

JimmyZ · Jul 26, 2016

simbin said:
It worked the first time and like usual I got excited. Second time.. freeze. Third time.. freeze. Fourth time.. freeze.. It always seems to be the same way once I get one that works - it works once. The MD5 from loadiine.ovh is different from the others I've downloaded though.

So your case is even worse than mine ┐(￣ヮ￣)┌

You said online exploit works, may I ask which one? Or all of them? Does loadiine.ovh work?

simbin · Jul 26, 2016

JimmyZ said:
So your case is even worse than mine ┐(￣ヮ￣)┌

You said online exploit works, may I ask which one? Or all of them? Does loadiine.ovh work?

I must be cursed. I'm glad you got yours working though.

JimmyZ · Jul 26, 2016

simbin said:
I must be cursed. I'm glad you got yours working though.

This really got my curiosity, could you answer those questions? I edited that post, and have you tried httpd other than openwrt's?

simbin · Jul 26, 2016

JimmyZ said:
This really got my curiosity, could you answer those questions? I edited that post, and have you tried httpd other than openwrt's?

Yeah loadliine.ovh works. I hosted the PHP exploit from XAMPP and it worked - never tried MP4 that way. On 5.3.2 I always got black screen freezes with dots/artifacts. On 5.5.1 usually get MP4 to work once, then never again. It just freezes on the curtain.

I just put the (loadiine.ovh) hbl.mp4 on a completely different server (miniweb) and it worked once - freeze second time. Got it to work 3rd, 4th time - stop/start server. Going to test that theory with OpenWrt..

Well must have been coincidence. miniweb has mostly worked - only one freeze so far. openwrt freeze constantly - only worked twice. I'm just wondering if it's a power saving mode or something since my openwrt is on a router

JimmyZ · Jul 26, 2016

simbin said:
Well must have been coincidence. miniweb has mostly worked - only one freeze so far. openwrt freeze constantly - only worked twice. I'm just wondering if it's a power saving mode or something since my openwrt is on a router

So progress! Try access that file on openwrt with wget or curl multiple times?

arrom · Aug 23, 2016

I ve trying to use this, but I got only a mediocre success rate. I am also using openwrt with lighttpd. I was reading the php scripts and it has a "sleep" function so the video player have time to open. Maybe this is the problem.

Kafluke · Aug 23, 2016

Just so you guys know, @oldsk00l has been researching and testing for me for about a week and he has managed to get all 5.3.2 static payloads to launch perfectly in my AIO. You're all welcome to download and look at the .html files. He was able to add a script for buffering the exploit so it works 100% of the time for 5.3.2 users!

@Cybernatus has an online version of my site hosted at this address:

loadiine.ovh/kafluke

oldsk00l · Aug 23, 2016

Kafluke said:
Just so you guys know, @oldsk00l has been researching and testing for me for about a week and he has managed to get all 5.3.2 static payloads to launch perfectly in my AIO. You're all welcome to download and look at the .html files. He was able to add a script for buffering the exploit so it works 100% of the time for 5.3.2 users!

@Cybernatus has an online version of my site hosted at this address:

loadiine.ovh/kafluke

I will check it out when i'm at home. But i'm sure it will work great! :-)

Edit - lol wrong thread, sry

@Kafluke you could link the loadiine.ovh/kafluke in the OP as "example" as long as it is up to date. What do you mean?

Hacking Self-hosted payloads with only static HTML

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Sarcastic Troll

Well-Known Member

Sarcastic Troll

Well-Known Member

Sarcastic Troll

Well-Known Member

Sarcastic Troll

Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum