Rapid7 Vulnerability & Exploit Database

Apple TV Video Remote Control

Back to Search

Apple TV Video Remote Control



This module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if you're playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.


  • 0a29406d9794e4f9b30b3c5d6702c708
  • sinn3r <sinn3r@metasploit.com>


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/appletv/appletv_display_video
msf auxiliary(appletv_display_video) > show actions
msf auxiliary(appletv_display_video) > set ACTION < action-name >
msf auxiliary(appletv_display_video) > show options
    ...show and set options...
msf auxiliary(appletv_display_video) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security