Developed by Gaurav Raj (Mr. Robot)
Take webcam shots from target just sending a malicious link
You can find the original version created by user @thelinuxchoice here : https://github.com/thelinuxchoice/saycheese The first version returns some error for me so i modified it
The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.
The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media. That stream can include, for example, a video track (produced by either a hardware or virtual video source such as a camera, video recording device, screen sharing service, and so forth), an audio track (similarly, produced by a physical or virtual audio source like a microphone, A/D converter, or the like), and possibly other track types.
See more about MediaDEvices.getUserMedia() here
To convince the target to grant permissions to access the cam, the page uses a javascript code made by https://github.com/wybiral that turns the favicon into a cam stream.
clone this repo
git clone https://github.com/hackers-brain/saycheese_v2.0
change directory to saycheese_v2.0
cd saycheese_v2.0
Note : Ngrok should be downloaded and configured with authtoken in order to link link over WAN ngrok should be in saycheese_v2.0 folder
now run the script
bash saycheese.sh
Author : HackerBrain
HackersBrain : HackTheBox
HackersBrain : TryHackMe