Hacking Do self-hosting exploits work for you? Discuss it here

  • Thread starter Thread starter MattKimura
  • Start date Start date
  • Views Views 8,323
  • Replies Replies 56

Have you succeeded or failed to self-host exploits?

  • I'm very lucky, I succeeded without any problems and my router loves me

    Votes: 22 62.9%
  • I'm one of the damned who has no hope when it comes to local web servers

    Votes: 4 11.4%
  • Didn't work at first, but I solved my problem one way or another

    Votes: 9 25.7%

  • Total voters
    35
@looseless When I filter the Wii U's MAC address thru my router my Wii U can't access the self-host at all.

Here's a screen shot of my router's MAC filtering page as I'm unsure how to "disable wan access (no internet), enable lan access (local access)." Thanks.

27wxhj5.jpg

27wxhj5.jpg
 
@preacherfox Same thing happens to me, I don't know why it does that for me. BUT when I self host via a wireless SD card, I don't have to worry about mac filtering and I'll be offline forever either way.

I use the Toshiba flashair II
 
@looseless When I filter the Wii U's MAC address thru my router my Wii U can't access the self-host at all.

Here's a screen shot of my router's MAC filtering page as I'm unsure how to "disable wan access (no internet), enable lan access (local access)." Thanks.
27wxhj5.jpg
With stock firmware, the only page I could find was /Advanced_Firewall_Content.asp
That should probably work if set up correctly.
You'd be blacklisting all ports except 1 random port the self-hosting would be using.
Alternatively you could try and use the whitelist feature, but I have no idea how it'd work.

DD-WRT is a custom firmware which apparently has device-specific filtering, and can specifically block internet access to that device. This is precisely what you're trying to do.
I have no experience with DD-WRT though. I have no idea what the reliability of it would be like.
https://www.dd-wrt.com/wiki/index.php/Access_Restrictions#Denying_Internet_Access

Edit: Just noticed you're not even on stock firmware lol. Well, what I said still applies.
 
Last edited by shaneod,
@shaneod Thank you for your reply. I think my alternative merlin firmware is laid out slightly different. Below is a pic of the options. I'm not exactly sure how to fill them all out. Any suggestions? Thanks.

30j5qo2.jpg
 
Last edited by preacherfox,
  • Like
Reactions: BothyBhoy
@preacherfox sorry, I actually mis-read that page. That's for ip filtering, not mac filtering.
dd-wrt would suit your needs perfectly. It does exactly what you're looking to do.
there's a *chance* your wii u's ip address could change, rendering ip filtering useless, so I'd go with mac filtering rather than ip filtering.
 
I am on 5.3.2E and i am hosting the exploit file on my pc and android phone with a separate router with no dsl cable pluged - meanning no internet connection present, then i connect my wiiu to it and launch the exploits. I don't think there any danger of updating that way :). I used this techinque because my low cost router didn't properly block DNS, URL and mac adresses. Maybe this a case some got updated.
+ Stand by OFF
+StreetPass OFF
+Tubehax ON

Edit: Never got online with my Wiiu to get my DNS cached.

P.S. As an another solution seems update proof.
 
I am on 5.3.2E and i am hosting the exploit file on my pc and android phone with a separate router with no dsl cable pluged - meanning no internet connection present, then i connect my wiiu to it and launch the exploits. I don't think there any danger of updating that way :). I used this techinque because my low cost router didn't properly block DNS, URL and mac adresses. Maybe this a case some got updated.
+ Stand by OFF
+StreetPass OFF
+Tubehax ON

Edit: Never got online with my Wiiu to get my DNS cached.

P.S. As an another solution seems update proof.
You don't need to disable Streetpass.
Updates are downloaded by Spotpass and it can't be disabled.
 
  • Like
Reactions: CloudLionHeart
How do you guys host the exploit files in a wifi enabled SD card ? I have a toshiba wifi sdcard and wanted to do just that, but the html that such sd cards can host are plain html files. The exploits are php. So, the question is, can this php be executed/preprocessed and the resulting html content saved to then be used in these wii sd cards ? I hope so...

Has anyone done this ?

Thank you.
 
BTW does the Wii U even have Streetpass?
lolwut


How do you guys host the exploit files in a wifi enabled SD card ? I have a toshiba wifi sdcard and wanted to do just that, but the html that such sd cards can host are plain html files. The exploits are php. So, the question is, can this php be executed/preprocessed and the resulting html content saved to then be used in these wii sd cards ? I hope so...

Has anyone done this ?

Thank you.
I don't think any of these WIFI SD cards can run PHP.
People only use them for the other webkit exploits with simple html payloads (for fw 5.3.2 and lower).
 
Last edited by piratesephiroth,
BTW does the Wii U even have Streetpass?
lolwut



I don't think any of these WIFI SD cards can run PHP.
People only use them for the other webkit exploits with simple html payloads (for fw 5.3.2 and lower).


I bought one of those for future ( and present, for usermode ) 5.5.0 exploit. In theory, php is interpreted and as any other dynamic web technology, it just generates html output that the client browser then receives and interprets. The problem is that that dynamic php may be needed in order to adjust/calculate/... things on the fly and depending on the clientside communications. That's my question, is this php execution strictly needed or can we preprocess the php and get the resulting html to later use it in our small, html-only web servers ( sd wifi cards, for example ) ?

EDIT: may be there is a requirement of a dialogue using several steps or something... can someone shed some light on this ?
 
Last edited by Inaki,
I bought one of those for future ( and present, for usermode ) 5.5.0 exploit. In theory, php is interpreted and as any other dynamic web technology, it just generates html output that the client browser then receives and interprets. The problem is that that dynamic php may be needed in order to adjust/calculate/... things on the fly and depending on the clientside communications. That's my question, is this php execution strictly needed or can we preprocess the php and get the resulting html to later use it in our small, html-only web servers ( sd wifi cards, for example ) ?

EDIT: may be there is a requirement of a dialogue using several steps or something... can someone shed some light on this ?
Yeh, I think php is needed to generate the binary rop chains but there's probably a way to host them directly (it's probaly not that easy though).
 
Yeh, I think php is needed to generate the binary rop chains but there's probably a way to host them directly (it's probaly not that easy though).

I guess using wireshark to gather the server client traffic would be a good idea. We may be able to just replay the html traffic...
 
I am using Raspberry Pi 2 and kws server on my Sony Z2 Android hotspot. Failure rate on pi is extremely high, I tried 3 web servers like apache2,nginx and lighttpd (current). For unknown reason Apache stopped working with permission error and forbidden here and there. nginx was 100% failure rate. The kws server on my Z2 almost 100% success rate, the best one but the riskiest method. One mistakes like forgetting to turn off mobile data can bring disaster. With kws android I only relied on tubehax dns if mobile data turn on which failed me before (autoupdate to 5.5.0, bought another 5.3.0). Try to selfhost on my ASUS router but not working.

For security and firewall I used lots of method
1. on wiiu autoupdate off,tubehax dns,quick menu off,standby mode off
2. on my modem, Mac filtering and Ninty site blocked

I think the wifi sdcard is the safest and easiest choice, never tried. Pi is very unreliable, high failure rate, I spent more time hard reset my WiiU than actually playing games.

EDIT : now I have better success rate on my Pi2. Restart the web server before run exploit do the trick.

Hope the IOSU release soon so I can sell my first wii u. I think price may go up a little bit.
 

Site & Scene News

Popular threads in this forum