Results 11 to 20 of 45

Thread: Bluesnarfer & Bluebugger Guide With Backtrack

  1. #11
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    ok here it is now lol......


    bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # btscanner
    Opening the OUI database
    Reading the OUI database
    Finished reading the OUI database
    No Bluetooth devices available
    bt ~ # hciconfig hci0 up
    bt ~ # hciconfig hci0 mode monitor
    hci0: Type: USB
    BD Address: 00:11:67:8D:E5:A4 ACL MTU: 1021:8 SCO MTU: 48:10
    UP RUNNING
    RX bytes:85 acl:0 sco:0 events:9 errors:0
    TX bytes:33 acl:0 sco:0 commands:9 errors:0

    bt ~ # blarg
    -bash: ./blarg: Permission denied
    bt ~ # btscanner
    Opening the OUI database
    Reading the OUI database
    Finished reading the OUI database
    bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # wtf
    -bash: wtf: command not found
    bt ~ # sdptools browse--l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # sdptools browse--12cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # sdptools browse --12cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # ok wtf

  2. #12
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    ok and another thing
    i did......
    l2ping <mymacdonalds address> and the 4 bytes at a time are not stopping even though i turned my phone's bt off.
    where does this data dump end up and what can i do with it?
    thanks

  3. #13
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Changing the title of your thread to reflect the final part that was included.

    Again...Excellent post Dr_GrEeN

  4. #14
    Junior Member cyberconsole's Avatar
    Join Date
    Aug 2007
    Posts
    57

    Default

    Quote Originally Posted by ZaTch View Post
    ok here it is now lol......


    bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # btscanner
    Opening the OUI database
    Reading the OUI database
    Finished reading the OUI database
    No Bluetooth devices available
    bt ~ # hciconfig hci0 up
    bt ~ # hciconfig hci0 mode monitor
    hci0: Type: USB
    BD Address: 00:11:67:8D:E5:A4 ACL MTU: 1021:8 SCO MTU: 48:10
    UP RUNNING
    RX bytes:85 acl:0 sco:0 events:9 errors:0
    TX bytes:33 acl:0 sco:0 commands:9 errors:0

    bt ~ # blarg
    -bash: ./blarg: Permission denied
    bt ~ # btscanner
    Opening the OUI database
    Reading the OUI database
    Finished reading the OUI database
    bt ~ # sdptools browse --l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # wtf
    -bash: wtf: command not found
    bt ~ # sdptools browse--l2cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # sdptools browse--12cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # sdptools browse --12cap 00:19:A1:F6:00:75
    -bash: sdptools: command not found
    bt ~ # ok wtf

    The proper syntax is "sdptool" not "sdptools"
    There's no fate but what we make for ourselves.

    -I already know I cant spel-

  5. #15
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    wow.
    now it worked

  6. #16
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Hello,

    First things first, I thank you for providing us with such an informative guide. Much appreciated man!

    Okay here is my question/problem:
    Code:
    bt ~#bluesnarfer -r 1-100 -C 4 -b FF:FF:FF:FF:FF:FF
    devicename: Nokia 6230

    I surfed a few channels, but channel 4 caught my attention. My phone asks me to connect with my BlueTooth dongle and asks for a 16 digit code in response to the command. Now, I know of '0000' as default..but a '16' digit code? I'm really confused here. I do know that channel 4 is the Sim Card, but every other port doesn't give me any answers apart from a pairing code which 'Never' works when given [0000] as BT rejects it. Maybe within the bluesnarfer command I should add a 'key' [0000] in order to pair, but I cannot figure out which segment of the command to add this.

    Here is a dump of my sdptool results:
    Code:
    bt ~ # sdptool browse --l2cap 00:FF:00:FF:00:FF
     
     
    Browsing 00:FF:00:FF:00:FF ...
    Service Name: OBEX Object Push
    Service RecHandle: 0x1001c
    Service Class ID List:
       "OBEX Object Push" (0x1105)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 9
       "OBEX" (0x0008)
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "OBEX Object Push" (0x1105)
         Version: 0x0100
     
    Service Name: OBEX File Transfer
    Service RecHandle: 0x1001d
    Service Class ID List:
       "OBEX File Transfer" (0x1106)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 10
       "OBEX" (0x0008)
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "OBEX File Transfer" (0x1106)
         Version: 0x0100
     
    Service Name: Dial-up networking
    Service RecHandle: 0x1001e
    Service Class ID List:
       "Dialup Networking" (0x1103)
       "Generic Networking" (0x1201)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 1
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "Dialup Networking" (0x1103)
         Version: 0x0100
     
    Service Name: Nokia PC Suite
    Service RecHandle: 0x1001f
    Service Class ID List:
       "Serial Port" (0x1101)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 15
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
     
    Service Name: COM 1
    Service RecHandle: 0x10020
    Service Class ID List:
       "Serial Port" (0x1101)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 3
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
     
    Service Name: Voice Gateway
    Service RecHandle: 0x10021
    Service Class ID List:
       "Handfree Audio Gateway" (0x111f)
       "Generic Audio" (0x1203)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 13
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "Handsfree" (0x111e)
         Version: 0x0101
     
    Service Name: Audio Gateway
    Service RecHandle: 0x10022
    Service Class ID List:
       "Headset Audio Gateway" (0x1112)
       "Generic Audio" (0x1203)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 12
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "Headset" (0x1108)
         Version: 0x0100
     
    Service Name: Client SYNCML
    Service RecHandle: 0x10024
    Service Class ID List:
       UUID 128: 00000002-0000-1000-8000-0002ee000002
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 11
       "OBEX" (0x0008)
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
     
    Service RecHandle: 0x10025
    Service Class ID List:
       UUID 128: 00005001-0000-1000-8000-0002ee000001
    Protocol Descriptor List:
       "L2CAP" (0x0100)
         PSM: 21505
     
    Service RecHandle: 0x10026
    Service Class ID List:
       UUID 128: 00005002-0000-1000-8000-0002ee000001
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 14
     
    Service RecHandle: 0x10027
    Service Class ID List:
       UUID 128: 00005003-0000-1000-8000-0002ee000001
    Protocol Descriptor List:
       "L2CAP" (0x0100)
         PSM: 22529
     
    Service Name: SIM ACCESS
    Service RecHandle: 0x10028
    Service Class ID List:
       "SIM Access" (0x112d)
       "Generic Telephony" (0x1204)
    Protocol Descriptor List:
       "L2CAP" (0x0100)
       "RFCOMM" (0x0003)
         Channel: 4
    Language Base Attr List:
       code_ISO639: 0x656e
       encoding:    0x6a
       base_offset: 0x100
    Profile Descriptor List:
       "SIM Access" (0x112d)
         Version: 0x0100

    Another thing is, when I watched a few videos and read a few PDF files on bluesnarfing, the target phones never asked for pairing. Does this mean that the cell phone that I am pentesting is not vulnerable to bluesnarfer [Nokia 6230]?

    Also, I was messing around with the commands, exploring..seeing what they do so I can understand them more. After I pentested my cell phone I realised that what I did to it must have enabled a handset because now I can listen to my radio on my phone 'WITHOUT' connecting a handset. The handset is required to listen to the radio. [Yes..I set it on loudspeaker to listen]...this is kinda strange, never seen anything on the net about it...maybe I discovered a new hack, I don't know [Any suggestions/opinions on this would be great].

    And again, great tutorial!
    [Maybe people should bump this one so it doesn't get lost like a few of my tuts lol].

    --Denv
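
    Added example, not part of the original post or of any tool named in the thread: a small parser that turns `sdptool browse` output like the dump above into a service inventory, for auditing which profiles your own handset advertises and on which RFCOMM channel or L2CAP PSM. The sample text is constructed and abridged from the layout shown above, and the `REVIEW` set is this example's own choice of profiles to look at first.

```python
import re
# Constructed sample, abridged from the layout of the sdptool dump posted above.
SAMPLE = '''Service Name: Dial-up networking
Service RecHandle: 0x1001e
Service Class ID List:
   "Dialup Networking" (0x1103)
Protocol Descriptor List:
   "RFCOMM" (0x0003)
     Channel: 1

Service RecHandle: 0x10025
Service Class ID List:
   UUID 128: 00005001-0000-1000-8000-0002ee000001
Protocol Descriptor List:
   "L2CAP" (0x0100)
     PSM: 21505

Service Name: SIM ACCESS
Service RecHandle: 0x10028
Service Class ID List:
   "SIM Access" (0x112d)
Protocol Descriptor List:
   "RFCOMM" (0x0003)
     Channel: 4
'''
# Assumption of this example: profiles to review because they expose a modem or SIM interface.
REVIEW = {"0x1103", "0x1101", "0x112d"}  # Dialup Networking, Serial Port, SIM Access

def parse_sdp(text):
    """One dict per SDP record: name, handle, class UUIDs, RFCOMM channel, L2CAP PSM."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"name": None, "handle": None, "classes": [], "channel": None, "psm": None}
        section = None
        for line in (l.strip() for l in block.splitlines()):
            if line.endswith("List:"):
                # Track the attribute list: protocol/profile UUIDs share the "(0x....)" form.
                section = line[:-1]
            elif m := re.match(r"Service (Name|RecHandle): (.+)", line):
                rec["name" if m[1] == "Name" else "handle"] = m[2]
            elif m := re.match(r"(Channel|PSM): (\d+)", line):
                rec[m[1].lower()] = int(m[2])
            elif section == "Service Class ID List":
                if m := re.search(r"\((0x[0-9a-f]{4})\)|UUID 128: (\S+)", line):
                    rec["classes"].append(m[1] or m[2])
        if rec["handle"]:
            records.append(rec)
    return records

def needs_review(records):  # (name, channel) of records advertising a REVIEW profile
    return [(r["name"], r["channel"]) for r in records if REVIEW & set(r["classes"])]
```

    Records without a "Service Name" line, like the vendor UUID entries in the dump, are kept with `name` set to `None` so they still show up in the inventory.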

  7. #17
    Junior Member NoobBiscUiT's Avatar
    Join Date
    Jun 2007
    Posts
    58

    Default

    ok so


    bt ~ # bluebugger -m bill -c 8 -a 00:19:A1:F6:00:75 messages

    bluebugger 0.1 ( MaJoMu | ww.codito.de )
    -----------------------------------------

    Target Device: '00:19:A1:F6:00:75'
    Target Name: 'LG shadow '

    tcgetattr failed: Input/output error
    bt_rfcomm_config() failed
    ...done

    i know rfcomm refused is a channel error but what are these ones?
    my guess is that i entered something wrong

  8. #18
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by ZaTch View Post
    ok so


    bt ~ # bluebugger -m bill -c 8 -a 00:19:A1:F6:00:75 messages

    bluebugger 0.1 ( MaJoMu | ww.codito.de )
    -----------------------------------------

    Target Device: '00:19:A1:F6:00:75'
    Target Name: 'LG shadow '

    tcgetattr failed: Input/output error
    bt_rfcomm_config() failed
    ...done

    i know rfcomm refused is a channel error but what are these ones?
    my guess is that i entered something wrong

    Man posting stuff like that could be trouble. Looks like your posting privileges have been removed. Should enter false/pretend credentials from now on man.

    So about my previous post, does anyone have a clue to why modern phones ask for pairing whilst running bluesnarf? Does this mean that the phone is not vulnerable? Thanks.

  9. #19
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by The_Denv View Post
    Man posting stuff like that could be trouble. Looks like your posting privileges have been removed. Should enter false/pretend credentials from now on man.

    The removal of posting privileges has nothing to do with this thread or post, it was due to actions in another part of the forum.

  10. #20
    Just burned his ISO
    Join Date
    Nov 2007
    Posts
    1

    Default

    Hello,

    I was wondering, could you tell me which BlueTooth USB dongle you are using? I am using a "SWEEX" version which should work from 100m distance but it's not. I'm getting the same "rfcomm" error everyone else is getting.

    Would buying another one solve the problem? I'm asking this since you're also using BackTrack and DID get it to work. Then the only option MUST be that it's the dongle's problem, maybe it's not compatible with Linux.

    Thanks a lot.
