Where do i work, you ask?
Straight out of campus an year ago and i got my first job at a leading fin-tech company in Kenya (thanks to Dr. Bright). Well, i never actually finished school but that’s a story for another day.
The thought behinds this?
A few months down the line, we have this ISO 27001 audit around the corner. My team and i preparing tirelessly for the audit like an exam to heaven. However, one thing stands clear. Never leave your laptops unlocked and walk away. That is a major fail on our end, especially from a security perspective.
Okay, we had a Active Directory Group Policy (GPO) for Windows machines, but i was using Linux and was too lazy to always lock my computer. I always forget to lock it.
Tool Discovery
On a completely unrelated quest, i discovered a tool from a friend (Lester) that could enable me to easily connect my android device to my laptop. You can find it here. Setup is fairly easy. And it took me a while to actually discover i was supposed to use the gnome-tweak-took to activate the extension.
All hail, GSConnect
GSconnect is basically a KDE connect, written in GJS for gnome based systems with gnome shell. Some handy features include:
- Sending files between the smartphone and the laptop using the SHH protocol.
- Browsing files on the smartphone.
- Locating your smartphone in case you misplace it.
- Sync the clipboard between the 2 devices (this one is shway!!)
- Sync notifications between the two devices.
- Display smartphone’s battery meter on the laptop.
- Use the phone as a mouse.
- Send SMS from your laptop.
- Control MPRIS2 enabled media players like mplayer and audacious from your phone.
- Run remote commands to your laptop (jackpot)
- etc.
Run remote commands? Bingo!!
Running remote commands on a Linux machine is never a good idea, when you consider the security/convenience see-saw. However, its all about convenience now. Plus a few rules on my local firewall will add a layer of security.
GSConnect enables us to enter custom commands that can be executed from our smartphone. The logic is simple. The client sends the command to the server on the laptop, which executes it as the current user. I was able to use different commands for my tests. This included:
- ping
- loginctl lock-session (lock screen for current user session)
- loginctl unlock-session (unlock screen for current user session)
The commands are not limited to these, but i can blog about smarter ways of doing this if a number of readers request for it. This includes how to use abuse it from a red teamer’s perspective.
On the smartphone, the commands appear as follows and can be used to lock/unlock your laptop.
Fairly interesting tool, huh? This blog title is something i always get asked at work. Now you can walk away and lock/unlock your laptop remotely, and get asked the same question as well ;-). Ooh yeah, and you’ve got to be connected to the same WI-FI network (both phone and laptop).
