Path: blob/master/modules/auxiliary/admin/appletv/appletv_display_image.rb
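##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary module that uploads a local image file to an AppleTV's AirPlay
# HTTP service (PUT /photo, RPORT 7000 by default) and keeps the connection
# open for TIME seconds so the image stays on screen.
#
# Hardening note: the request carries HTTP credentials only when HttpPassword
# is set. Per the module description, only some devices are password-protected,
# so the relevant controls on the device side are an AirPlay password and
# limiting which networks can reach the AirPlay port.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient

  # Registers module metadata and the datastore options used by #run.
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Apple TV Image Remote Control',
      'Description'    => %q(
        This module will show an image on an AppleTV device for a period of time.
        Some AppleTV devices are actually password-protected, in that case please
        set the PASSWORD datastore option. For password brute forcing, please see
        the module auxiliary/scanner/http/appletv_login.
      ),
      'Author'         =>
        [
          '0a29406d9794e4f9b30b3c5d6702c708', # Original work
          'sinn3r' # You can blame me for mistakes
        ],
      'References'     =>
        [
          ['URL', 'http://nto.github.io/AirPlay.html']
        ],
      'DefaultOptions' => { 'HttpUsername' => 'AirPlay' },
      'License'        => MSF_LICENSE
    ))

    # Make the password option more visible and hope the user is more aware of it.
    # NOTE: the Description above calls it PASSWORD; the option actually
    # registered (and read in send_image_request) is HttpPassword.
    register_options([
      Opt::RPORT(7000),
      OptInt.new('TIME', [true, 'Time in seconds to show the image', 10]),
      OptPath.new('FILE', [true, 'Image to upload and show']),
      OptString.new('HttpPassword', [false, 'The password for AppleTV AirPlay'])
    ])

    # We're not actually using any of these against AppleTV in our Rex HTTP client init,
    # so deregister them so we don't overwhelm the user with fake options.
    deregister_options(
      'HTTP::uri_encode_mode', 'HTTP::uri_full_url', 'HTTP::pad_method_uri_count',
      'HTTP::pad_uri_version_count', 'HTTP::pad_method_uri_type', 'HTTP::pad_uri_version_type',
      'HTTP::method_random_valid', 'HTTP::method_random_invalid', 'HTTP::method_random_case',
      'HTTP::uri_dir_self_reference', 'HTTP::uri_dir_fake_relative', 'HTTP::uri_use_backslashes',
      'HTTP::pad_fake_headers', 'HTTP::pad_fake_headers_count', 'HTTP::pad_get_params',
      'HTTP::pad_get_params_count', 'HTTP::pad_post_params', 'HTTP::pad_post_params_count',
      'HTTP::uri_fake_end', 'HTTP::uri_fake_params_start', 'HTTP::header_folding',
      'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2', 'NTLM::SendLM', 'NTLM::SendNTLM',
      'NTLM::SendSPN', 'NTLM::UseLMKey', 'DOMAIN', 'DigestAuthIIS', 'VHOST'
    )
  end

  #
  # Sends an image request to AppleTV. HttpClient isn't used because we actually need to keep
  # the connection alive so that the video can keep playing.
  #
  # opts is the request hash handed to Rex's request_raw (method, uri, data).
  # Returns the response object, or nil when no response was received; the
  # caller (show_image) reports nil as a timeout.
  #
  def send_image_request(opts)
    http = nil

    http = Rex::Proto::Http::Client.new(
      rhost,
      rport.to_i,
      {
        'Msf' => framework,
        'MsfExploit' => self
      },
      ssl,
      ssl_version,
      proxies,
      datastore['HttpUsername'],
      datastore['HttpPassword']
    )
    add_socket(http)

    http.set_config('agent' => datastore['UserAgent'])

    req = http.request_raw(opts)
    res = http.send_recv(req)

    # Guard against a nil response: calling res.code on nil raised
    # NoMethodError here, which also made show_image's timeout branch
    # unreachable. Only hold the connection open when the device accepted
    # the image.
    Rex.sleep(datastore['TIME']) if res && res.code == 200

    res
  ensure
    # Close the connection on every path, including when the request raises.
    http.close if http
  end

  # Reads the file named by the FILE option and returns its bytes as a
  # binary string.
  def get_image_data
    File.binread(datastore['FILE'])
  end

  # Uploads the image with PUT /photo and reports the outcome.
  def show_image
    opts = {
      'method' => 'PUT',
      'uri'    => '/photo',
      'data'   => get_image_data
    }

    res = send_image_request(opts)

    if res.nil?
      print_status("The connection timed out")
    elsif res.code == 200
      print_status("Received HTTP 200")
    else
      # Any non-200 status lands here; the status code itself is not reported.
      print_error("The request failed due to an unknown reason")
    end
  end

  # Module entry point. The status line is printed before the request is made
  # because show_image blocks for up to TIME seconds while the image is shown.
  def run
    print_status("Image request sent. Duration set: #{datastore['TIME']} seconds")
    show_image
  end
end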