Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/admin/chromecast/chromecast_youtube.rb
19535 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpClient

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Chromecast YouTube Remote Control',

14
        'Description' => %q{

15
          This module acts as a simple remote control for Chromecast YouTube.

16


17
          Only the deprecated DIAL protocol is supported by this module.

18
          Casting via the newer CASTV2 protocol is unsupported at this time.

19
        },

20
        'Author' => ['wvu'],

21
        'References' => [

22
          ['URL', 'http://www.google.com/intl/en/chrome/devices/chromecast/index.html'] # vendor website

23
        ],

24
        'License' => MSF_LICENSE,

25
        'Actions' => [

26
          ['Play', { 'Description' => 'Play video' }],

27
          ['Stop', { 'Description' => 'Stop video' }]

28
        ],

29
        'DefaultAction' => 'Play',

30
        'Notes' => {

31
          'Stability' => [CRASH_SAFE],

32
          'SideEffects' => [IOC_IN_LOGS, SCREEN_EFFECTS],

33
          'Reliability' => []

34
        }

35
      )

36
    )

37


38
    register_options([

39
      Opt::RPORT(8008),

40
      OptString.new('VID', [true, 'Video ID', 'kxopViU98Xo'])

41
    ])

42
  end

43


44
  def run

45
    vid = datastore['VID']

46


47
    case action.name

48
    when 'Play'

49
      res = play(vid)

50
    when 'Stop'

51
      res = stop

52
    end

53


54
    return unless res

55


56
    case res.code

57
    when 201

58
      print_good("Playing https://www.youtube.com/watch?v=#{vid}")

59
    when 200

60
      print_status('Stopping video')

61
    when 404

62
      print_error('Target no longer supports casting via the DIAL protocol. ' \

63
                  'CASTV2 is not supported by this module at this time.')

64
    end

65
  end

66


67
  def play(vid)

68
    send_request_cgi(

69
      'method' => 'POST',

70
      'uri' => '/apps/YouTube',

71
      'agent' => Rex::Text.rand_text_english(rand(1..42)),

72
      'vars_post' => {

73
        'v' => vid

74
      }

75
    )

76
  rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,

77
         Rex::HostUnreachable => e

78
    fail_with(Failure::Unreachable, e)

79
  ensure

80
    disconnect

81
  end

82


83
  def stop

84
    send_request_raw(

85
      'method' => 'DELETE',

86
      'uri' => '/apps/YouTube',

87
      'agent' => Rex::Text.rand_text_english(rand(1..42))

88
    )

89
  rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,

90
         Rex::HostUnreachable => e

91
    fail_with(Failure::Unreachable, e)

92
  ensure

93
    disconnect

94
  end

95
end

96


97