From 691ee8b150cb1b76f6108a010d8327ec1adeb5f0 Mon Sep 17 00:00:00 2001
From: Opabinia <144001335+pentestfunctions@users.noreply.github.com>
Date: Wed, 17 Jan 2024 15:14:31 +1300
Subject: [PATCH] Update README.md
---
README.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 72 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 610e76c..25dcc3b 100644
--- a/README.md
+++ b/README.md
@@ -1,24 +1,82 @@
-# BlueDucky
+# BlueDucky đĻ
-- Will modularize it later.
+đ¨ CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript)
+đ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)
+
+This is an implementation of the CVE discovered by marcnewlin [https://github.com/marcnewlin/hi_my_name_is_keyboard]
-1. Running the file you will be able to load saved bluetooth devices if they are no longer visible but bluetooth is still on - so you can attack them.
-2. Any devices you scan will save
-3. If no payload.txt is present it will instead send the text "Hello There"
+## Introduction đĸ
+BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can:
+
+1. đĄ Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled.
+2. đ Automatically save any devices you scan.
+3. đ Send a default message ("Hello There") if no `payload.txt` is present.
+
+I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone.
+
+## Installation and Usage đ ī¸
+
+### Setup Instructions
-### Duckyscript
-- I am still implementing keyboard combinations
-- Currently implemented:
- 1. REM
- 2. STRING
-
-So for example (payload.txt)
```bash
-REM This is a comment and will not run
-STRING type this on their phone hehe
+# update apt
+sudo apt-get update
+sudo apt-get -y upgrade
+
+# install dependencies from apt
+sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \
+ git gcc python3-pip python3-setuptools \
+ python3-pydbus
+
+# install pybluez from source
+git clone https://github.com/pybluez/pybluez.git
+cd pybluez
+sudo python3 setup.py install
+
+# build bdaddr from the bluez source
+cd ~/
+git clone --depth=1 https://github.com/bluez/bluez.git
+gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
+sudo cp bdaddr /usr/local/bin/
```
+## Running BlueDucky
+```bash
+git clone https://github.com/pentestfunctions/BlueDucky.git
+cd BlueDucky
+python3 BlueDucky.py
+```
+
+## Operational Steps đšī¸
+1. On running, it prompts for the target MAC address.
+2. Pressing nothing triggers an automatic scan for devices.
+3. Devices previously found are stored in known_devices.txt.
+4. If known_devices.txt exists, it checks this file before scanning.
+5. Executes using payload.txt file.
+6. Successful execution will result in automatic connection and script running.
+
+## Duckyscript đģ
+đ§ Work in Progress:
+
+- Implementing keyboard combinations.
+- Current implementations:
+6.1 REM (Comment)
+6.2 STRING (Text Input)
+
+
+#### đ Example payload.txt:
+```bash
+REM This is a comment and will not run
+STRING hello there 123
+```
+
+## Enjoy experimenting with BlueDucky! đ
+
+
+
+
+
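Review bot: the sub-list under "Current implementations:" is numbered `6.1 REM (Comment)` / `6.2 STRING (Text Input)`, which reads as sub-steps of item 6 of the Operational Steps above rather than as children of this bullet; indent them as nested bullets (`  - REM (Comment)`, `  - STRING (Text Input)`) so Markdown renders them under their parent and the README's two lists stay independent. The emoji in the headings (`# BlueDucky đĻ`, `đ¨ CVE-2023-45866 ...`, `## Introduction đĸ`) appear as mojibake in this patch, which suggests the file was not saved as UTF-8; re-saving it with UTF-8 encoding will make the headings render as intended. In the setup block, `sudo python3 setup.py install` is deprecated in current setuptools; `pip install .` run from the cloned `pybluez` directory is the supported equivalent and avoids installing into system site-packages as root.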