philnash
commented
3 years ago I am not sure why you have raised this as an issue in this repo.
The SayCheese repo appears to use ngrok or Serveo to make a local web server available so that a URL can be sent to someone. Looking through the repo, it checks for the existence of the ngrok executable and doesn't use this Node package.
Further, the supposed malicious site uses the MediaDevices.getUserMedia function to ask for permission to use the camera. It can only get access to the user's camera if the user approves the permission. So this is not hacking in any straightforward sense, the web API is acting as it should by asking permission. You may be able to social engineer a user into giving access, but that is beyond the scope of the web platform, and well beyond the scope of ngrok and consequently beyond the scope of this project too.
Apt update Apt upgrade Pkg install git Pkg install python Git clone https://github.com/hangetzzu/saycheese Ls Cd saycheese Chmod +x * Ls ./saycheese.sh