Twitter Whisperer + Panic

In my last post I showed you how to control a computer remotely by tweeting your commands in your Twitter account. In that same post I also mentioned the possibility of adding the feature of the Panic Button by redpois0n.

In this post I am including the updated Twitter Whisperer that adds that functionality (I am only using the portion of the code that we need to make it work via Twitter).

If you check the Panic Button’s code, you will be able to see that what it does is that it detaches any TrueCrypt drives before shutting the computer down. Again, this could come in very handy for any activist or someone very concerned with his/her privacy that does not have access to SSH or to a Python shell in his computer network.

So by just tweeting the word “panic” without the quotes and in small caps, the script will detach the TrueCrypt drive(s) and shut the computer down. You can definitely change the word that triggers the Panic Button, and you can even add a specific key if you want to make sure that you are the only one being able to trigger it.

It should work on any platform (Windows, OS X, Linux or BSD).

Here you have the code for the Twitter Whisperer + Panic:


from bs4 import BeautifulSoup as soupy
import urllib.request
import re
import subprocess
import sys
import os


html = urllib.request.urlopen("https://twitter.com/<Your account here>").read()
soup = soupy(html, "lxml")


x = soup.find("meta", {"name": "description"})['content']
command = re.findall('"([^"]*)"', x)

def panic():

print("Shutting down")

if "win" in sys.platform:
os.popen("shutdown /p /f")
elif "darwin" in sys.platform:
os.popen("shutdown -s now")
elif "linux" in sys.platform or "bsd" in sys.platform:
os.popen("poweroff")

if "win" in sys.platform:
os.popen("truecrypt /d")
else:
os.popen("truecrypt -d")

if command[0] == "panic":
panic()
else:
subprocess.call(command[0])

If you want to try it without detaching the TrueCrypt drives, you can comment out the truecrypt lines.

So again, you just have to tweet:

whisperer2

Run the script (or your scheduled task picks it up) and your console prints Shutting down

whisperer2_

Detaches the drives and shuts down.

No run and drill them the F*** out!

drill

You can get the code here.

Twitter Whisperer

whisperer

 

A couple of days ago I read this post on how hackers abused Twitter as C&C. It got me wondering on the possibility of controlling your computer via Twitter.

And the answer is: Yes!, you can control your computer via Twitter, without even using its API.

So imagine you don’t have access to SSH, you can send commands to your computer by just tweeting out whatever you want it to do… I know… there are so many security implications involved here. But yes, the possibilities are endless. The are a couple of caveats, the first one is that the computer that you would be controlling remotely would need to have Python installed, and the second one is that it would need to have a task scheduled to run the script,  and so if you setup a time-lapse of 1 minute between runs, that would be the time-lag that you would need to consider if you want to send a command like the Panic-Button to unmount TrueCrypt drives and shut the computer off.

As a very simple POC, I will pop up the Calculator in Windows.

This is the code for Twitter Whisperer, which can be found here:

from bs4 import BeautifulSoup as soupy
import urllib.request
import re
import subprocess

html = urllib.request.urlopen("https://twitter.com/<your account here>").read()
soup = soupy(html, "lxml")

x = soup.find("meta", {"name": "description"})['content']
command = re.findall('"([^"]*)"', x)

subprocess.call(command[0])


Login to your Twitter account and simply tweet: Calc.exe

tweet

Run the script, and watch the calculator pop-up:

calc

 

I know, it’s just too simple!