CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/admin/firetv/firetv_youtube.rb
Views: 11783
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpClient

8


9
  def initialize(info = {})

10
    super(update_info(info,

11
      'Name' => 'Amazon Fire TV YouTube Remote Control',

12
      'Description' => %q{

13
        This module acts as a simple remote control for the Amazon Fire TV's

14
        YouTube app.

15


16
        Tested on the Amazon Fire TV Stick.

17
      },

18
      'Author' => ['wvu'],

19
      'References' => [

20
        ['URL', 'https://www.amazon.com/dp/B00CX5P8FC?_encoding=UTF8&showFS=1'],

21
        ['URL', 'https://www.amazon.com/dp/B00GDQ0RMG/ref=fs_ftvs']

22
      ],

23
      'License' => MSF_LICENSE,

24
      'Actions' => [

25
        ['Play', 'Description' => 'Play video'],

26
        ['Stop', 'Description' => 'Stop video']

27
      ],

28
      'DefaultAction' => 'Play'

29
    ))

30


31
    register_options([

32
      Opt::RPORT(8008),

33
      OptString.new('VID', [true, 'Video ID', 'kxopViU98Xo'])

34
    ])

35
  end

36


37
  def run

38
    case action.name

39
    when 'Play'

40
      stop

41
      sleep(1)

42
      res = play

43
    when 'Stop'

44
      res = stop

45
    end

46


47
    return unless res

48


49
    case res.code

50
    when 201

51
      print_good("Playing https://www.youtube.com/watch?v=#{datastore['VID']}")

52
    when 200

53
      print_status('Stopping video')

54
    when 404

55
      print_error("Couldn't #{action.name.downcase} video")

56
    end

57
  end

58


59
  def play

60
    begin

61
      send_request_cgi(

62
        'method' => 'POST',

63
        'uri' => '/apps/YouTube',

64
        'ctype' => 'text/plain',

65
        'vars_post' => {

66
          'v' => datastore['VID']

67
        }

68
      )

69
    rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,

70
           Rex::HostUnreachable => e

71
      fail_with(Failure::Unreachable, e)

72
    end

73
  end

74


75
  def stop

76
    begin

77
      send_request_raw(

78
        'method' => 'DELETE',

79
        'uri' => '/apps/YouTube/run'

80
      )

81
    rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,

82
           Rex::HostUnreachable => e

83
      fail_with(Failure::Unreachable, e)

84
    end

85
  end

86
end

87


88