Manipulate Remote Host WebCam (CommandCam.exe)

pedro ubuntu edited this page May 23, 2020 · 32 revisions

Description

This module lets an attacker remotely control the target's webcam (laptop, PC or pad) to take a screenshot or to list all available webcam devices. It uploads the @tedburke/CommandCam.exe binary to the target's '$env:tmp' folder and then silently executes it in the background (as a cmd child process).

'CommandCam' is a simple and easy to use command line webcam image grabber for Windows. It captures a single image from a webcam and stores it in a bitmap file (bmp). CommandCam uses Microsoft’s DirectShow API to access webcams, so it should work with most USB cameras. The CommandCam.exe shipped with meterpeter has been modified (digitally signed) to evade signature detection.

Remark

  • The remote host's webcam will turn 'on' its 'green' light while taking screenshots
  • The CommandCam.exe binary (Manipulate WebCam) is 'auto-deleted' after each action
  • A 'PS downgrade attack' is used to execute CommandCam.exe if the Client is executed as Administrator
  • ALL the modules in this article do 'not' require the Client to be executed with 'Admin Privs'
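
Seen from the defending side, the behaviour described above (a binary dropped into '$env:tmp', run as a cmd child process, with an optional PowerShell v2 downgrade) leaves process-creation traces. The following added example, which is not part of the original wiki or of meterpeter, flags them in constructed Sysmon-style events; the field names follow Sysmon Event ID 1, while the rule names, sample values and the default Temp path are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# PowerShell accepts any prefix of -Version, so match -v ... -version followed by 2 or 2.0.
PS_V2 = re.compile(r"[-/](?:v|ve|ver|vers|versi|versio|version)\s+2(?:\.0)?(?!\S)", re.I)
TEMP_DIR = "\\appdata\\local\\temp\\"  # assumption: default per-user $env:tmp location

# Constructed sample events (Sysmon Event ID 1 field names); every value is invented.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\bob\AppData\Local\Temp\CommandCam.exe",
     "CommandLine": r"C:\Users\bob\AppData\Local\Temp\CommandCam.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",  # renamed copy
     "CommandLine": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -Version 2 -File task.ps1",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",  # benign control
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def classify(event):
    """Return the names of the detection rules one process-creation event matches."""
    image = event["Image"].lower()
    parent = basename(event["ParentImage"]).lower()
    hits = []
    if basename(image) == "commandcam.exe":
        hits.append("commandcam_name")          # weak alone: the file can be renamed
    if TEMP_DIR in image and parent == "cmd.exe":
        hits.append("temp_exe_child_of_cmd")    # name-independent: location plus parent
    if basename(image) == "powershell.exe" and PS_V2.search(event["CommandLine"]):
        hits.append("powershell_v2_downgrade")  # engine 2.0 has no AMSI
    return hits

def scan(events):
    """Return (index, matched rules) for every event that matches at least one rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["Image"], hits)
```

The webcam indicator light mentioned in the remarks is the only user-visible sign, so process telemetry like this is what a monitoring team would rely on.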

List All Remote-Host Webcams (devices) Available

1º - Select meterpeter 'PostExploit' Module

2º - Select meterpeter 'CamSnap' Module

3º - Select meterpeter 'Device' Module



Use Target WebCam to take a screenshot

1º - Select meterpeter 'PostExploit' Module

2º - Select meterpeter 'CamSnap' Module

3º - Select meterpeter 'Snap' Module
This module takes a screenshot with the target's default webcam and stores it in the remote '$env:tmp' directory.

  • Remark:
  • Taking a remote screenshot with the target webcam has been updated to use PSv2 ('PS downgrade attack') to evade AMSI suspicious-string detection (amsistream). This setting is only available if the target user has executed the Client with 'Administrator' privileges, or if the meterpeter 'Privilege Escalation' module is used to elevate session privileges before running the CamSnap module.

4º - Select meterpeter 'Download' Module
Use the meterpeter 'Download' module to download the remote host's screenshot.



Manually select the webcam device name to use

1º - Select meterpeter 'PostExploit' Module

2º - Select meterpeter 'CamSnap' Module

3º - Select meterpeter 'Device' Module

4º - Select meterpeter 'Manual' Module