The ChromeCast Exploitation Kit
CCEK.py
LICENSE
README.md

ChromeCast Exploitation Kit

Controlling ChromeCasts through the command line. Made by Brussec Security with ❤️

Requirements

  • Python
  • Curl

Installation

All you really need to do is install Python and curl and clone this repository. But just because I can, here are the commands:

sudo apt-get install python curl
git clone https://github.com/PabloBrusseel/CCEK.git

Usage

CCEK.py -t <target> -a <action> -v <value>

Supported actions/commands

  • play : Play a YouTube video with the ID specified in the value parameter
  • setName : Set the device name to the value specified in the value parameter
  • scanWifi : Scan nearby Wi-Fi networks
  • reboot : Reboot the device
  • factoryReset : Reset the device to factory settings (USE WITH CARE)

Examples

Change the device name of a ChromeCast

CCEK.py -t 192.168.0.43 -a setName -v "Pablo is my hero"

Play a video (Rick Roll)

CCEK.py -t 192.168.0.43 -a play -v dQw4w9WgXcQ

Reboot the ChromeCast

CCEK.py -t 192.168.0.43 -a reboot

Contact

Disclaimer

The idea for this tool came after some guy sent curl requests to publicly-exposed ChromeCasts on the internet to spread PewDiePie propaganda. As this is documented functionality, you can't actually call this an exploit, although one could wonder why this is possible without a single form of authentication.