diff --git a/modules/post/multi/manage/play_youtube.rb b/modules/post/multi/manage/play_youtube.rb
index f8604cb58c..f797ae5457 100644
--- a/modules/post/multi/manage/play_youtube.rb
+++ b/modules/post/multi/manage/play_youtube.rb
@@ -6,37 +6,53 @@
class MetasploitModule < Msf::Post
include Msf::Post::File
- PLAY_OPTIONS = 'autoplay=1&loop=1&disablekb=1&modestbranding=1&iv_load_policy=3&controls=0&showinfo=0&rel=0'
-
def initialize(info={})
super( update_info( info,
'Name' => 'Multi Manage YouTube Broadcast',
'Description' => %q{
This module will broadcast a YouTube video on specified compromised systems. It will play
- the video in the target machine's native browser in full screen mode. The VID datastore
- option is the "v" parameter in a YouTube video's URL.
+ the video in the target machine's native browser. The VID datastore option is the "v"
+ parameter in a YouTube video's URL.
+
+ Enabling the EMBED option will play the video in full screen mode through a clean interface
+ but is not compatible with all videos.
+
+ This module will create a custom profile for Firefox on Linux systems in the /tmp directory.
},
'License' => MSF_LICENSE,
- 'Author' => [ 'sinn3r'],
+ 'Author' => [ 'sinn3r' ],
'Platform' => [ 'win', 'osx', 'linux', 'android' ],
- 'SessionTypes' => [ 'shell', 'meterpreter' ]
+ 'SessionTypes' => [ 'shell', 'meterpreter' ],
+ 'Notes' =>
+ {
+ # ARTIFACTS_ON_DISK when the platform is linux
+ 'SideEffects' => [ ARTIFACTS_ON_DISK, AUDIO_EFFECTS, SCREEN_EFFECTS ]
+ },
))
register_options(
[
+ OptBool.new('EMBED', [true, 'Use the embed version of the YouTube URL', true]),
OptString.new('VID', [true, 'The video ID to the YouTube video'])
])
end
- YOUTUBE_BASE_URL = "https://youtube.com/embed/"
+
+
+ def youtube_url
+ if datastore['EMBED']
+ "https://youtube.com/embed/#{datastore['VID']}?autoplay=1&loop=1&disablekb=1&modestbranding=1&iv_load_policy=3&controls=0&showinfo=0&rel=0"
+ else
+ "https://youtube.com/watch?v=#{datastore['VID']}"
+ end
+ end
#
# The OSX version uses an apple script to do this
#
def osx_start_video(id)
- url = "#{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}"
script = ''
- script << %Q|osascript -e 'tell application "Safari" to open location "#{url}"' |
+ script << %Q|osascript -e 'tell application "Safari" to open location "#{youtube_url}"' |
script << %Q|-e 'activate application "Safari"' |
script << %Q|-e 'tell application "System Events" to key code {59, 55, 3}'|
@@ -55,7 +71,7 @@ class MetasploitModule < Msf::Post
def win_start_video(id)
iexplore_path = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
begin
- session.sys.process.execute(iexplore_path, "-k #{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}")
+ session.sys.process.execute(iexplore_path, "-k #{youtube_url}")
rescue Rex::Post::Meterpreter::RequestError
return false
end
@@ -73,6 +89,7 @@ class MetasploitModule < Msf::Post
# Create a profile
profile_name = Rex::Text.rand_text_alpha(8)
display = get_env('DISPLAY') || ':0'
+ vprint_status("Creating profile #{profile_name} using display #{display}")
o = cmd_exec(%Q|firefox --display #{display} -CreateProfile "#{profile_name} /tmp/#{profile_name}"|)
# Add user-defined settings to profile
@@ -83,8 +100,7 @@ class MetasploitModule < Msf::Post
write_file("/tmp/#{profile_name}/prefs.js", s)
# Start the video
- url = "#{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}"
- data_js = %Q|"data:text/html,"|
+ data_js = %Q|"data:text/html,"|
joe = "firefox --display #{display} -p #{profile_name} #{data_js} &"
cmd_exec("/bin/sh -c #{joe.shellescape}")
rescue EOFError