rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

auxiliary/admin/chromecast/chromecast_youtube no longer works #11889

Open shaneshuford opened 5 years ago

shaneshuford commented 5 years ago

Steps to reproduce

admin/chromecast/chromecast_youtube
set RHOST -> 192.168.1.5
exploit

admin/chromecast/chromecast_reset
set RHOST -> 192.168.1.5
exploit

chromecast latest as of (5/27/2019)

Expected behavior

reset, or play youtube video

Current behavior

Auxiliary module execution completed
Nothing happens on the chromecast/tv

System stuff

VirtualBox Kali GNU/Linux Rolling update && upgrade before exploit

Metasploit version

Framework: 5.0.24-dev console: 5.0.24-dev

I installed Metasploit with:

kali pre-installed

timwr commented 5 years ago

I think the API was updated a while ago. If we can't fix this, we should detect the 404 and display an error. Related: https://github.com/balloob/pychromecast/issues/62

wvu commented 5 years ago

Cool, thanks for the heads-up! I'll take a look after standup.

wvu commented 5 years ago

Boooooo, confirmed.

msf5 auxiliary(admin/chromecast/chromecast_youtube) > options

Module options (auxiliary/admin/chromecast/chromecast_youtube):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS   192.168.1.3      yes       The target address range or CIDR identifier
   RPORT    8008             yes       The target port (TCP)
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   VHOST                     no        HTTP server virtual host
   VID      kxopViU98Xo      yes       Video ID

Auxiliary action:

   Name  Description
   ----  -----------
   Play  Play video

msf5 auxiliary(admin/chromecast/chromecast_youtube) > run
[*] Running module against 192.168.1.3

********************
####################
# Request:
####################
POST /apps/YouTube HTTP/1.1
Host: 192.168.1.3:8008
User-Agent: T{z
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

v=kxopViU98Xo
####################
# Response:
####################
HTTP/1.1 404 Not Found
Content-Length: 0

[-] Couldn't play video
[*] Auxiliary module execution completed
msf5 auxiliary(admin/chromecast/chromecast_youtube) >

wvu commented 5 years ago

Looks like I already detect the 404 and display an error. That error means something different now: DIAL is no longer supported. We'd need to implement CASTV2 using TLS, protobuf, and JSON. For now, let's update the module description and error message.

wvu commented 5 years ago

I'm not closing this until we decide if we want to implement CASTV2.

sempervictus commented 5 years ago

I vote a big yes on CASTv2. These bloody things are everywhere. Their NIDS profile is like IA "flower of death," and they often have adjacency to critical systems. Anything that gets us closer to pwnage of these things seems valuable.

wvu commented 5 years ago

My only concern is how we want to do protobuf in Framework.
