
Bluetooth Attacks


CC_Prisca


Hi! I have the Signal Owl and the Bluetooth dongle that came in the full kit.

I'm trying to use the bluetooth_scan payload, but it doesn't work. I copied the payload in the /root/payload folder with the name payload.txt, but once the owl starts in attack mode, the led blinks a couple of times and then the light is off and nothing else happens. No more blinking or red led at all. It's not "payload error" blinking slowly (which I got earlier on a Wifi payload test), it just turns off and nothing happens.

Doing some troubleshooting, I realized the HCI0 interface was down when I turned on the Owl, so I turned it on manually. The problem is that I can turn it on manually in Arming mode, through SSH, but then to go back to Attack mode I need to reboot the device and I guess it's going down again.

Here is a screenshot of the hci interface:

[Screenshot: hci interface]

Is anyone having this problem or has any idea how to fix it?

Thanks!!


Boot into arming mode with your bluetooth dongle attached, then enable it with:

hciconfig hci0 up

Make sure there is another active bluetooth device around, then run:

hcitool scan

Does this produce output? This is the first thing that the bluetooth scan payload does.

Also, try running the payload manually in arming mode. Make sure it's executable, then run it:

chmod +x /root/payload/payload.txt
/root/payload/payload.txt

While it's running, check /tmp/payload.log to see if there is any output.

Let me know how it goes.


  • 1 year later...

I am also not having much success with bluetooth payloads.  I have been using the BT dongle that I bought with the Signal Owl.  Even after using hciconfig hci0 up, I am not seeing any result from hcitool scan.  hcidump --raw is also not producing any hits.  I can use bluetoothctl then scan on and I can see lots of bluetooth devices.

Has anyone had success with hcitool? I can't get the payload to run, automatically or manually. Even just running hcitool scan from terminal does not produce any hits.

root@Owl:~/loot/bluetooth_scan# hciconfig
hci0:   Type: Primary  Bus: USB
        BD Address: 00:1A:7D:DA:71:13  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING 
        RX bytes:69881 acl:0 sco:0 events:1969 errors:0
        TX bytes:1331 acl:0 sco:0 commands:101 errors:0

root@Owl:~/loot/bluetooth_scan# hcitool dev
Devices:
        hci0    00:1A:7D:DA:71:13

root@Owl:~/loot/bluetooth_scan# hcitool scan
Scanning ...
root@Owl:~/loot/bluetooth_scan# 

 

root@Owl:~# bluetoothctl
Agent registered
[bluetooth]# scan on
Discovery started
[CHG] Controller 00:1A:7D:DA:71:13 Discovering: yes
[NEW] Device CE:48:9D:25:E2:D9 Sense
[NEW] Device 7A:78:15:2D:2C:8C 7A-78-15-2D-2C-8C
[NEW] Device 50:EA:B3:E8:F0:15 LE-Bose SoundSport
[CHG] Device CE:48:9D:25:E2:D9 RSSI: -81
[NEW] Device 41:C3:45:B9:FE:44 41-C3-45-B9-FE-44
[CHG] Device 50:EA:B3:E8:F0:15 RSSI: -82
[CHG] Device CE:48:9D:25:E2:D9 RSSI: -72
[CHG] Device 50:EA:B3:E8:F0:15 RSSI: -74
[CHG] Device CE:48:9D:25:E2:D9 RSSI: -81
[CHG] Device 41:C3:45:B9:FE:44 RSSI: -83
[NEW] Device 30:57:14:AF:FE:04 iPhone
[NEW] Device 5D:E7:70:30:CD:99 LE-Bose SoundSport
[bluetooth]# scan off
Discovery stopped
[CHG] Controller 00:1A:7D:DA:71:13 Discovering: no
[CHG] Device 5D:E7:70:30:CD:99 TxPower is nil
[CHG] Device 5D:E7:70:30:CD:99 RSSI is nil
[CHG] Device 30:57:14:AF:FE:04 RSSI is nil
[CHG] Device 41:C3:45:B9:FE:44 TxPower is nil
[CHG] Device 41:C3:45:B9:FE:44 RSSI is nil
[CHG] Device 50:EA:B3:E8:F0:15 TxPower is nil
[CHG] Device 50:EA:B3:E8:F0:15 RSSI is nil
[CHG] Device 7A:78:15:2D:2C:8C TxPower is nil
[CHG] Device 7A:78:15:2D:2C:8C RSSI is nil
[CHG] Device CE:48:9D:25:E2:D9 RSSI is nil
[bluetooth]#

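Added example, not part of the thread or of the Signal Owl payload: a POSIX sh helper that turns the checks suggested above into one verdict, separating the first post's state (hci0 down) from the last post's (hci0 up, `hcitool scan` empty). The script name `hci_check.sh`, the function names and the `--live` flag are assumptions; `SAMPLE_DOWN` and `SAMPLE_SCAN_HIT` are constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): classify the two failure states
# reported above from saved tool output. POSIX sh, parsers read stdin.

# hci_state IFACE: print UP, DOWN or MISSING from `hciconfig` output.
hci_state() {
    awk -v want="$1:" '
        $1 == want            { found = 1; inblk = 1; next }
        /^[^ \t]/             { inblk = 0 }   # next interface header
        inblk && /UP RUNNING/ { up = 1 }
        END { print (!found ? "MISSING" : (up ? "UP" : "DOWN")) }'
}

# scan_hits: count device rows ("<ws>AA:BB:CC:DD:EE:FF<ws>name") in
# `hcitool scan` output; the "Scanning ..." banner is not counted.
scan_hits() {
    grep -Ec '^[[:space:]]+([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || true
}

# diagnose HCICONFIG_TEXT SCAN_TEXT: one verdict line; returns 1 when the
# interface is not up, 2 when it is up but the scan is empty, 0 otherwise.
diagnose() {
    state=$(printf '%s\n' "$1" | hci_state hci0)
    [ "$state" = "UP" ] || { echo "hci0 $state: run 'hciconfig hci0 up'"; return 1; }
    hits=$(printf '%s\n' "$2" | scan_hits)
    [ "$hits" -gt 0 ] || { echo "hci0 UP, hcitool scan returned 0 devices"; return 2; }
    echo "hci0 UP, hcitool scan returned $hits device(s)"
}

# Sample input. SAMPLE_UP is the hciconfig output quoted in the thread;
# SAMPLE_DOWN and SAMPLE_SCAN_HIT are constructed for illustration.
SAMPLE_UP='hci0:   Type: Primary  Bus: USB
        BD Address: 00:1A:7D:DA:71:13  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING'
SAMPLE_DOWN='hci0:   Type: Primary  Bus: USB
        DOWN'
SAMPLE_SCAN_EMPTY='Scanning ...'
SAMPLE_SCAN_HIT=$(printf 'Scanning ...\n\t00:11:22:33:44:55\tconstructed-device')

# On the device, in arming mode:  sh hci_check.sh --live   (hypothetical name)
if [ "${1:-}" = "--live" ]; then
    diagnose "$(hciconfig)" "$(hcitool scan)"
    echo "--- last lines of /tmp/payload.log ---"
    tail -n 20 /tmp/payload.log 2>/dev/null
else
    diagnose "$SAMPLE_DOWN" "$SAMPLE_SCAN_EMPTY" || true   # first post
    diagnose "$SAMPLE_UP" "$SAMPLE_SCAN_EMPTY" || true     # last post
    diagnose "$SAMPLE_UP" "$SAMPLE_SCAN_HIT"
fi
```

A verdict of 2 alongside a populated `bluetoothctl` list is consistent with nearby devices advertising over Bluetooth LE only: `hcitool scan` performs a classic (BR/EDR) inquiry, while `hcitool lescan` scans for LE advertisers.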

Archived

This topic is now archived and is closed to further replies.
