How do the stdapi commands 'webcam_snap' and 'webcam_stream' in a Meterpreter session bypass webcam restrictions/privacy settings on Windows? I want to know how one could replicate this for prevention and analysis, or just how it works in general.
-
What do you mean by "Webcam restrictions on Windows"? Are you referring to Windows 10's Privacy Settings? – Nov 28 '19 at 10:13
-
Yes, edited to make it more clear. – sd dev Nov 28 '19 at 10:18
-
And did you verify that Meterpreter is actually able to create a picture of the webcam and doesn't just return e.g. a black image? – Nov 28 '19 at 10:18
-
Yes, I've tested on a fully updated Windows machine, even with Windows Defender running it bypasses. – sd dev Nov 28 '19 at 10:20
-
Alright. It might be that the Windows 10 Privacy Settings only count for "installed" applications, not any process. Otherwise you'd see every executable found on your PC in there. Or at least a set of programs that Windows 10 is aware of. But that's just me guessing. – Nov 28 '19 at 10:23
-
Interesting, when I test with OpenCV in various languages it's unable to take a snapshot or stream with "Allow apps to access your camera" turned off. I assumed it was because of a bypass or something of that nature. – sd dev Nov 28 '19 at 10:24
-
[This page](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy) specifically mentions controls over "Microsoft Store Apps", so it might be possible that other executables are just ignored, or based on what Windows recognizes. – Nov 28 '19 at 10:27