Page 3 of 5 (results 21 to 30 of 45)

Thread: Bluesnarfer & Bluebugger Guide With Backtrack

  1. #21
    The_Denv (Member, joined Nov 2006, 364 posts)

    I'm starting to believe that bluesnarfing is outdated.

    Seems to me that the bluesnarfing programs are full of hex errors [on purpose]. I seriously think that no modern phones can now be bluesnarfed. It's been nearly a year for me, and I still have not found a vulnerable phone.

    Does this really work? I'd hate to give up hope in it. [Seriously, I've spent a YEAR! [omg, I'm only realizing this now..that is a loong time ]

    It also appears that no one here knows or is willing to provide any information. On that note, bluesnarfer should have come with a warning, stating that in order to use the thing you need to be smart enough to repair the hex errors...at least this way we know that it's all heXxed to bits...OR, 97% of phones are not vulnerable.

    I would seriously appreciate some comments on this post. It would seriously help a lot and I would probably get to sleep at night.

  2. #22
    NoobBiscUiT (Junior Member, joined Jun 2007, 58 posts)

    Quote (originally posted by The_Denv):
    Man, posting stuff like that could be trouble. Looks like your posting privileges have been removed. Should enter false/pretend credentials from now on, man.

    So about my previous post, does anyone have a clue why modern phones ask for pairing whilst running bluesnarf? Does this mean that the phone is not vulnerable? Thanks.
    I can manipulate the Bluetooth address on my phone, it's not a big deal.


    Quote (originally posted by escobar):
    Hello,

    I was wondering, could you tell me which BlueTooth USB dongle you are using? I am using a "SWEEX" version which should work from 100m distance but it's not. I'm getting the same "rfcomm" error everyone else is getting.

    Would buying another one solve the problem? I'm asking this since you're also using BackTrack and DID get it to work. Then the only option MUST be that it's the dongle's problem, maybe it's not compatible with Linux.

    Thanks a lot.
    I'm using a cheap eBay one, with an antenna.
    Depends on the one you buy; if you makeshift a dish with your dongle then you'll really start to pick up stuff!
    I don't know if you plugged your Bluetooth dongle in prior to doing the startx/flux thing, but if you do it while you boot BackTrack it will work;
    then you have to do the hciconfig hci0 deal. Guessing you knew that already though.

  3. #23
    NoobBiscUiT (Junior Member, joined Jun 2007, 58 posts)

    Quote (originally posted by The_Denv):
    I'm starting to believe that bluesnarfing is outdated.

    Seems to me that the bluesnarfing programs are full of hex errors [on purpose]. I seriously think that no modern phones can now be bluesnarfed. It's been nearly a year for me, and I still have not found a vulnerable phone.

    Does this really work? I'd hate to give up hope in it. [Seriously, I've spent a YEAR! [omg, I'm only realizing this now..that is a loong time ]

    It also appears that no one here knows or is willing to provide any information.
    WEIRD!! You noticed that too?? Hmm...wait, isn't that exactly why I couldn't post for three days? Because I made that apparent?


    Quote (originally posted by The_Denv):
    On that note, bluesnarfer should have come with a warning, stating that in order to use the thing you need to be smart enough to repair the hex errors...at least this way we know that it's all heXxed to bits...OR, 97% of phones are not vulnerable.

    I would seriously appreciate some comments on this post. It would seriously help a lot and I would probably get to sleep at night.
    Don't give up!
    This stuff works, ya just need to monkey with it.

  4. #24
    imported_wyze (Jenkem Addict, joined Jul 2007, 1,543 posts)

    There are a lot of platforms with wide open Bluetooth exploits... the industry standard seems to be: the cheaper the phone plan, the more mass-produced the exploitable device (and no, you're not going to get me to slander any company specifically, so plz do not ask which manufacturers' devices are wide open).
    dd if=/dev/swc666 of=/dev/wyze

  5. #25
    Member (joined Nov 2007, 220 posts)

    Nice post Dr_GrEeN, thanks for the info.

    I'm stuck though, and if anyone has got around this I would appreciate info.

    I have got the hci up (had to blacklist the pegasus driver)

    I can scan, l2ping and 'sdptool browse' to the phone(s) fine.

    I do these
    bt ~ # mkdir -p /dev/bluetooth/rfcomm
    bt ~ # mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
    bt ~ # mknod --mode=666 /dev/rfcomm0 c 216 0


    and these now exist as they should (I have checked the devices.txt and it's 216 0 (I know you know that's fine but just showing I've researched into this lol))


    However when I do the
    bluesnarfer -r 1-100 -C 7 -b 00:11:22:33:44:55 (with hex code swapped appropriately)

    The phone asks for the pin and about 10 seconds later Konsole gives me:

    devicename andy90
    bluesnarfer: tcgetattr failed, Input/Error error
    bluesnarfer: bt_rfcomm_config failed
    bluesnarfer: unable to create rfcomm connection
    bluesnarfer: release rfcomm ok


    What's weird is that /dev/rfcomm0 is gone?!? As though the last command deleted it.

    If (instead of bluesnarfer) I do the bluebugger command
    bluebugger -c 7 -a 00:11:22:33:44:55 info

    then Konsole comes up with the mac address, followed by the device name (which is correct) then

    Cannot open '/dev/rfcomm0': Connection refused


    and again the /dev/rfcomm0 file has gone.

    I have tried this on an up to date Nokia N73; in case this was too well patched for this attack I used my old SPV-M2000 from work.

    I have tried creating the c link as /dev/rfcomm (as that's the default bluebugger says is the default, then it complains it cannot find /dev/rfcomm00 eh?)

    Spent a lot of time on Google looking for 'tcgetattr' and 'bt_rfcomm_config' but can't find anything; a few people with the same but no answers that I can find.

    The only thing I'm not sure on is the channel. The Nokia is channel 3 for everything, and it's not working on this. The SPV-M2000 uses channels 1-8, tried all of these and still nothing.


    kernel - 2.6.20-BT-PwnSauce-NOSMP
    dongle - Belkin F8T012xx1

    Anything appreciated.
    wtf?
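
    The poster above verifies the mknod numbers by hand against devices.txt. The script below, an added example and not code from the thread or from bluesnarfer, automates that check: it reads the major number the running kernel actually registered for rfcomm from /proc/devices and compares it with the node at /dev/rfcomm0 (or /dev/bluetooth/rfcomm/0), reporting a node that has vanished after a failed connection as "missing". The /proc/devices text embedded in the script is a constructed sample so the parser can be run on a machine without a Bluetooth stack.

```python
"""Check that a Bluetooth RFCOMM device node matches the major number the
running kernel registered. Added example, not code from the forum thread:
it automates the manual comparison against devices.txt described above,
reading /proc/devices instead of the static documentation file."""
import os
import stat

# Constructed sample of /proc/devices, used when the real file is not
# available (e.g. on a machine without the rfcomm module loaded).
SAMPLE_PROC_DEVICES = """Character devices:
  1 mem
  4 tty
  5 /dev/tty
 10 misc
216 rfcomm

Block devices:
  8 sd
"""


def parse_proc_devices(text):
    """Return {name: major} for the character-device section only.

    Block devices are skipped: a node created with mknod ... c ... must be
    compared against character-device majors.
    """
    majors = {}
    in_char = False
    for line in text.splitlines():
        if line.startswith("Character devices:"):
            in_char = True
            continue
        if line.startswith("Block devices:"):
            in_char = False
            continue
        if not in_char or not line.strip():
            continue
        major, name = line.split(None, 1)
        majors[name.strip()] = int(major)
    return majors


def check_rfcomm_node(path, majors, expected_minor=0):
    """Report whether `path` is a character device on the rfcomm major.

    Returns "driver-not-loaded" when the kernel has no rfcomm major at all,
    "missing" when the node is absent (the symptom reported in the thread),
    "not-char-device", "wrong-major", "wrong-minor", or "ok".
    """
    if "rfcomm" not in majors:
        return "driver-not-loaded"
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISCHR(st.st_mode):
        return "not-char-device"
    if os.major(st.st_rdev) != majors["rfcomm"]:
        return "wrong-major"
    if os.minor(st.st_rdev) != expected_minor:
        return "wrong-minor"
    return "ok"


if __name__ == "__main__":
    try:
        with open("/proc/devices") as f:
            majors = parse_proc_devices(f.read())
    except OSError:
        majors = parse_proc_devices(SAMPLE_PROC_DEVICES)
    # Both node paths that the thread creates with mknod.
    for node in ("/dev/rfcomm0", "/dev/bluetooth/rfcomm/0"):
        print(node, check_rfcomm_node(node, majors))
```

    Run it as root after the bluesnarfer or bluebugger attempt: a result of "missing" confirms the node disappeared, while "wrong-major" means the kernel registered rfcomm under a different number than the 216 hard-coded in the mknod lines.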

  6. #26
    drgr33n (Very good friend of the forum, joined Jan 2010, location: Dark side of the moon ..., 699 posts)

    Sorry about the late reply, I had my posting privileges removed. I'm now in the process of making a video tutorial with lots more explained; should be able to post it in a bit.

  7. #27
    The_Denv (Member, joined Nov 2006, 364 posts)

    Quote (originally posted by ZaTch):
    WEIRD!! You noticed that too?? Hmm...wait, isn't that exactly why I couldn't post for three days? Because I made that apparent?

    Don't give up!
    This stuff works, ya just need to monkey with it.
    Hey lol, thanks for keeping my chin up. Yeh, playing with it and finally getting it to work is a fantastic feeling.

    Quote (originally posted by swc666):
    There are a lot of platforms with wide open Bluetooth exploits... the industry standard seems to be: the cheaper the phone plan, the more mass-produced the exploitable device (and no, you're not going to get me to slander any company specifically, so plz do not ask which manufacturers' devices are wide open).
    Yeh, I know a few companies are wide open, but as I was previously mentioning, more and more phones today are not vulnerable, compared to when bluesnarfing started.

    Quote (originally posted by Dr_GrEeN):
    Sorry about the late reply, I had my posting privileges removed. I'm now in the process of making a video tutorial with lots more explained; should be able to post it in a bit.
    Huh, what? Why were your posting privileges removed? I didn't see anything wrong that you have done. Can't wait for the video man, I hope it's an eye-opener.

  8. #28
    imported_spankdidly (Senior Member, joined Feb 2006, 1,031 posts)

    Dr Gr33n knocked up my Mom, so I had his posting privileges removed. Good tut there Dr. Gr33n. I've always had issues with Bluetooth. I gave up on it.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  9. #29
    Just burned his ISO (joined Jan 2008, 8 posts)

    Help with error message

    Hi

    Sorry to be such a noob, but could you please help me out with this? I am fine with everything up to the bluesnarfer command. When I enter the command:

    bt~#bluesnarfer -r 1-100 -b xx:xx:xx:xx:xx:xx

    I get the following message:

    device name: Timmy
    bluesnarfer : open /dev/bluetooth/rfcomm/0, Connection refused
    bluesnarfer : bt_rfcomm_config failed
    bluesnarfer : unable to create rfcomm connection
    bluesnarfer : release rfcomm ok

    I also get this when I enter the command with a channel number. Could someone please tell me what I am doing wrong?

    Regards

    Tim

  10. #30
    drgr33n (Very good friend of the forum, joined Jan 2010, location: Dark side of the moon ..., 699 posts)

    Hey t_timmy2005

    OK, I get quite a lot of questions about that error, so I'm going to explain.

    The clue is in "Connection refused": this means that the device has rejected your connection.

    What you are trying to do with these attacks is find an "open" channel. This means that the device you want to connect to will accept connections from unauthenticated devices on that channel.

    Another way around this is to pre-authenticate your computer. Although this is not an attack you could carry out with no interaction with the victim, once your box is authenticated you can then grab the phonebook etc. But you could grab the phone book, dial numbers and much more with just the bluez tools if your box was authenticated.

    These attacks will come back!!! Now the days of sniffing Bluetooth connections for only £40 are here; it's possible to sniff a connection and grab the pin key. A future tutorial of mine.

    I have also put together a few tools and a Python front end for pentesting devices; check out my blog.
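
    Several posts in this thread (the sdptool browse step, the per-channel guesses on the Nokia and the SPV-M2000, and drgr33n's explanation of "open" channels) come down to knowing which service sits on which RFCOMM channel. The script below is an added example, not code from the thread or from bluesnarfer/bluebugger: it parses the output of `sdptool browse` so you can inventory what your own phone or laptop advertises and flag any RFCOMM channel outside an allowlist of services you expect to expose. SDP records do not say whether a channel demands pairing; that is exactly what the "Connection refused" in the posts above signals. The sdptool output embedded in the script is a constructed sample with a placeholder address.

```python
"""Inventory the RFCOMM channels a Bluetooth device advertises, from the
output of `sdptool browse <addr>`. Added example, not code from the forum
thread or from bluesnarfer/bluebugger; it only reads what sdptool prints."""
import re

# Constructed sample of `sdptool browse` output: three RFCOMM-based services
# and one (PAN over BNEP) that has no RFCOMM channel. Address is a placeholder.
SAMPLE_SDPTOOL_OUTPUT = """Browsing 00:11:22:33:44:55 ...
Service Name: Dial-up networking
Service RecHandle: 0x10000
Service Class ID List:
  "Dialup Networking" (0x1103)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

Service Name: OBEX Object Push
Service RecHandle: 0x10001
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)

Service Name: Audio Gateway
Service RecHandle: 0x10002
Service Class ID List:
  "Handsfree Audio Gateway" (0x111f)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 3

Service Name: Network Access Point
Service RecHandle: 0x10003
Service Class ID List:
  "Network Access Point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
"""

SERVICE_RE = re.compile(r"^Service Name:\s*(.*)$")
RFCOMM_RE = re.compile(r'^\s*"RFCOMM"')
CHANNEL_RE = re.compile(r"^\s*Channel:\s*(\d+)")


def parse_sdptool_browse(text):
    """Return [(service_name, rfcomm_channel_or_None), ...] in record order.

    A record runs from one "Service Name:" line to the next. The channel is
    the first "Channel:" line after the "RFCOMM" entry of the Protocol
    Descriptor List; services that do not use RFCOMM get None.
    """
    services = []
    name, channel, seen_rfcomm = None, None, False
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            if name is not None:
                services.append((name, channel))
            name, channel, seen_rfcomm = m.group(1).strip(), None, False
            continue
        if RFCOMM_RE.match(line):
            seen_rfcomm = True
            continue
        m = CHANNEL_RE.match(line)
        if m and seen_rfcomm and channel is None:
            channel = int(m.group(1))
    if name is not None:
        services.append((name, channel))
    return services


def channel_map(services):
    """{channel: service_name} for every service that sits on RFCOMM."""
    return {ch: name for name, ch in services if ch is not None}


def unexpected_channels(services, allowed_services):
    """RFCOMM channels whose service is not in the allowlist of names you
    expect your own device to expose, so they can be disabled or reviewed."""
    return sorted(ch for name, ch in services
                  if ch is not None and name not in allowed_services)


if __name__ == "__main__":
    found = parse_sdptool_browse(SAMPLE_SDPTOOL_OUTPUT)
    for ch, name in sorted(channel_map(found).items()):
        print(f"channel {ch:2d}: {name}")
    print("outside allowlist:", unexpected_channels(found, {"Audio Gateway"}))
```

    To audit a real device, pipe the live output in place of the sample (`sdptool browse <addr> | python3 inventory.py`, reading sys.stdin) and keep the allowlist to the profiles you actually use; anything else is surface that pairing settings, not SDP, must protect.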
