OK, and another thing:
I did......
l2ping <mymacdonalds address> and the 4 bytes at a time are not stopping, even though I turned my phone's BT off.
Where does this data dump end up, and what can I do with it?
Thanks
OK, here it is now lol......
bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
-bash: sdptools: command not found
bt ~ # btscanner
Opening the OUI database
Reading the OUI database
Finished reading the OUI database
No Bluetooth devices available
bt ~ # hciconfig hci0 up
bt ~ # hciconfig hci0 mode monitor
hci0: Type: USB
BD Address: 00:11:67:8D:E5:A4 ACL MTU: 1021:8 SCO MTU: 48:10
UP RUNNING
RX bytes:85 acl:0 sco:0 events:9 errors:0
TX bytes:33 acl:0 sco:0 commands:9 errors:0
bt ~ # blarg
-bash: ./blarg: Permission denied
bt ~ # btscanner
Opening the OUI database
Reading the OUI database
Finished reading the OUI database
bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
-bash: sdptools: command not found
bt ~ # wtf
-bash: wtf: command not found
bt ~ # sdptools browse--l2cap 00:19:A1:F6:00:75
-bash: sdptools: command not found
bt ~ # sdptools browse--12cap 00:19:A1:F6:00:75
-bash: sdptools: command not found
bt ~ # sdptools browse --12cap 00:19:A1:F6:00:75
-bash: sdptools: command not found
bt ~ # ok wtf
Changing the title of your thread to reflect the final part that was included.
Again...Excellent post Dr_GrEeN!
Hello,
First thing is first, I thank you for providing us with such an informative guide. Much appreciated man!
Okay here is my question/problem:
I surfed a few channels, but channel 4 caught my attention. My phone asks me to connect with my BlueTooth dongle and asks for a 16 digit code in response to the command. Now, I know of '0000' as default..but a '16' digit code? I'm really confused here. I do know that channel 4 is the Sim Card, but every other port doesn't give me any answers apart from a pairing code which 'Never' works when given [0000] as BT rejects it. Maybe within the bluesnarfer command I should add a 'key' [0000] in order to pair, but I can not figure out which segment of the command to add this.
Code:
bt ~ # bluesnarfer -r 1-100 -C 4 -b FF:FF:FF:FF:FF:FF
devicename: Nokia 6230
Here is a dump of my sdptool results:
Code:
bt ~ # sdptool browse --l2cap 00:FF:00:FF:00:FF
Browsing 00:FF:00:FF:00:FF ...
Service Name: OBEX Object Push
Service RecHandle: 0x1001c
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "OBEX Object Push" (0x1105)
    Version: 0x0100

Service Name: OBEX File Transfer
Service RecHandle: 0x1001d
Service Class ID List:
  "OBEX File Transfer" (0x1106)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 10
  "OBEX" (0x0008)
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "OBEX File Transfer" (0x1106)
    Version: 0x0100

Service Name: Dial-up networking
Service RecHandle: 0x1001e
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

Service Name: Nokia PC Suite
Service RecHandle: 0x1001f
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 15
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100

Service Name: COM 1
Service RecHandle: 0x10020
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 3
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100

Service Name: Voice Gateway
Service RecHandle: 0x10021
Service Class ID List:
  "Handfree Audio Gateway" (0x111f)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 13
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Handsfree" (0x111e)
    Version: 0x0101

Service Name: Audio Gateway
Service RecHandle: 0x10022
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 12
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Headset" (0x1108)
    Version: 0x0100

Service Name: Client SYNCML
Service RecHandle: 0x10024
Service Class ID List:
  UUID 128: 00000002-0000-1000-8000-0002ee000002
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 11
  "OBEX" (0x0008)
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100

Service RecHandle: 0x10025
Service Class ID List:
  UUID 128: 00005001-0000-1000-8000-0002ee000001
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 21505

Service RecHandle: 0x10026
Service Class ID List:
  UUID 128: 00005002-0000-1000-8000-0002ee000001
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 14

Service RecHandle: 0x10027
Service Class ID List:
  UUID 128: 00005003-0000-1000-8000-0002ee000001
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 22529

Service Name: SIM ACCESS
Service RecHandle: 0x10028
Service Class ID List:
  "SIM Access" (0x112d)
  "Generic Telephony" (0x1204)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 4
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "SIM Access" (0x112d)
    Version: 0x0100
Another thing is, when I watched a few videos and read a few PDF files on bluesnarfing, the target phones never asked for pairing. Does this mean that the cell phone that I am pentesting is not vulnerable to bluesnarfer [Nokia 6230]?
Also, I was messing around with the commands, exploring..seeing what they do so I can understand them more. After I pentested my cell phone I realised that what I did to it must have enabled a handset because now I can listen to my radio on my phone 'WITHOUT' connecting a handset. The handset is required to listen to the radio. [Yes..I set it on loudspeaker to listen]...this is kinda strange, never seen anything on the net about it...maybe I discovered a new hack I don't know [Any suggestions/opinions on this would be great].
And again, great tutorial!
[Maybe people should bump this one so it doesn't get lost like a few of my tuts lol].
--Denv
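The sdptool dump in the post above is the kind of service inventory a device owner or auditor wants to read properly: which RFCOMM channel belongs to which profile (the post's question about channel 4 is answered directly by the "SIM ACCESS" record), and which services sit on a raw L2CAP PSM instead. The following is an added example, not code from the thread or from the bluez project: a small parser for the flattened `sdptool browse` text, with a trimmed copy of the dump above (four of its twelve records) embedded as constructed sample input. It works on both the one-line form the forum rendered and the normal one-field-per-line output, because it collapses whitespace before parsing.

```python
"""Parse a (possibly flattened) `sdptool browse` dump into per-service records."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a trimmed copy of the dump posted above, with
# whitespace flattened the way the forum rendered it.
SAMPLE_SDP_DUMP = (
    'Browsing 00:FF:00:FF:00:FF ... '
    'Service Name: OBEX Object Push Service RecHandle: 0x1001c '
    'Service Class ID List: "OBEX Object Push" (0x1105) '
    'Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 9 "OBEX" (0x0008) '
    'Language Base Attr List: code_ISO639: 0x656e encoding: 0x6a base_offset: 0x100 '
    'Profile Descriptor List: "OBEX Object Push" (0x1105) Version: 0x0100 '
    'Service Name: Dial-up networking Service RecHandle: 0x1001e '
    'Service Class ID List: "Dialup Networking" (0x1103) "Generic Networking" (0x1201) '
    'Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 1 '
    'Language Base Attr List: code_ISO639: 0x656e encoding: 0x6a base_offset: 0x100 '
    'Profile Descriptor List: "Dialup Networking" (0x1103) Version: 0x0100 '
    'Service RecHandle: 0x10025 Service Class ID List: UUID 128: 00005001-0000-1000-8000-0002ee000001 '
    'Protocol Descriptor List: "L2CAP" (0x0100) PSM: 21505 '
    'Service Name: SIM ACCESS Service RecHandle: 0x10028 '
    'Service Class ID List: "SIM Access" (0x112d) "Generic Telephony" (0x1204) '
    'Protocol Descriptor List: "L2CAP" (0x0100) "RFCOMM" (0x0003) Channel: 4 '
    'Language Base Attr List: code_ISO639: 0x656e encoding: 0x6a base_offset: 0x100 '
    'Profile Descriptor List: "SIM Access" (0x112d) Version: 0x0100'
)

NamedId = Tuple[str, str]  # ("OBEX Object Push", "0x1105") or ("UUID 128", "<uuid>")


def _segment(body: str, start_marker: str, end_marker: Optional[str]) -> str:
    """Text between two field labels; "" if the start label is absent."""
    start = body.find(start_marker)
    if start < 0:
        return ""
    start += len(start_marker)
    end = body.find(end_marker, start) if end_marker else -1
    return body[start:end] if end >= 0 else body[start:]


def _named_ids(segment: str) -> List[NamedId]:
    """Collect '"Name" (0xNNNN)' pairs and 128-bit UUIDs from a list segment."""
    ids = re.findall(r'"([^"]+)" \((0x[0-9a-fA-F]+)\)', segment)
    ids += [("UUID 128", u) for u in re.findall(r"UUID 128: ([0-9a-fA-F-]+)", segment)]
    return ids


def _parse_record(name: Optional[str], body: str) -> Dict:
    """body starts at the record handle and ends before the next record's name."""
    handle = re.match(r"(0x[0-9a-fA-F]+)", body)
    channel = re.search(r'"RFCOMM" \(0x0003\) Channel: (\d+)', body)
    psm = re.search(r"PSM: (\d+)", body)
    return {
        "name": name,
        "handle": handle.group(1) if handle else None,
        "class_ids": _named_ids(_segment(body, "Service Class ID List:", "Protocol Descriptor List:")),
        "rfcomm_channel": int(channel.group(1)) if channel else None,
        "l2cap_psm": int(psm.group(1)) if psm else None,
        "profiles": _named_ids(_segment(body, "Profile Descriptor List:", None)),
    }


def parse_sdp_dump(text: str) -> List[Dict]:
    """Split the dump at every 'Service RecHandle:'; a record's optional
    'Service Name:' precedes its handle, so it is taken from the previous chunk."""
    flat = " ".join(text.split())
    parts = re.split(r"Service RecHandle: ", flat)
    records: List[Dict] = []
    previous_tail = parts[0]
    for body in parts[1:]:
        name_match = re.search(r"Service Name: (.*)$", previous_tail)
        name = name_match.group(1).strip() if name_match else None
        next_name = re.search(r"Service Name: .*$", body)  # belongs to the next record
        own_body = body[: next_name.start()] if next_name else body
        records.append(_parse_record(name, own_body))
        previous_tail = body
    return records


def exposed_rfcomm_channels(records: List[Dict]) -> Dict[int, str]:
    """Map each advertised RFCOMM channel to the service behind it."""
    return {
        r["rfcomm_channel"]: (r["name"] or "(unnamed)")
        for r in records
        if r["rfcomm_channel"] is not None
    }


def service_on_channel(records: List[Dict], channel: int) -> Optional[str]:
    return exposed_rfcomm_channels(records).get(channel)


if __name__ == "__main__":
    recs = parse_sdp_dump(SAMPLE_SDP_DUMP)
    for r in recs:
        print(f"{r['handle']}  {(r['name'] or '(unnamed)'):<20} "
              f"rfcomm={r['rfcomm_channel']} psm={r['l2cap_psm']} classes={r['class_ids']}")
    print("channel 4 ->", service_on_channel(recs, 4))
```

Run as-is it prints the four records and resolves channel 4 to "SIM ACCESS". Feeding it the full dump from the post gives twelve records, including the three unnamed Nokia-specific entries that carry only a 128-bit UUID and, for two of them, an L2CAP PSM rather than an RFCOMM channel; an inventory like this is the starting point for deciding which of those services a phone should actually be advertising to unpaired devices.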
ok so
bt ~ # bluebugger -m bill -c 8 -a 00:19:A1:F6:00:75 messages
bluebugger 0.1 ( MaJoMu | ww.codito.de )
-----------------------------------------
Target Device: '00:19:A1:F6:00:75'
Target Name: 'LG shadow '
tcgetattr failed: Input/output error
bt_rfcomm_config() failed
...done
I know rfcomm refused is a channel error, but what are these ones?
My guess is that I entered something wrong.
Man, posting stuff like that could be trouble. Looks like your posting privileges have been removed. Should enter false/pretend credentials from now on, man.
So about my previous post, does anyone have a clue to why modern phones ask for pairing whilst running bluesnarf? Does this mean that the phone is not vulnerable? Thanks.
Hello,
I was wondering, could you tell me which BlueTooth USB dongle you are using? I am using a "SWEEX" version which should work from 100m distance but it's not. I'm getting the same "rfcomm" error everyone else is getting.
Would buying another one solve the problem? I'm asking this since you're also using BackTrack and DID get it to work. Then the only option MUST be that it's the dongle's problem, maybe it's not compatible with Linux.
Thanks a lot.