BTU - Project LOKI.09 - Tools!

jkutzsch
16 Jul 2018

First off, a picture of something cool I picked up on my trip for the Project.

 

 

You can see BlueDude getting ready to do some serious Surfing.  :-)

 

But the item I would like to draw your attention to is the Twenty Thousand Leagues Under The Seas.

 

A hollow book that hopefully will enclose Project Loki even with the 7" touchscreen!

 

Okay, when we last blogged we decided to look and see if there were any Bluetooth tools installed with this version of Kali, since I was not finding anything in the StickyPi menu system.

Reading through some web info pages hinted that Kali should have Bluetooth tools under Wireless Attacks.

 

Here is an example from an interesting article on null-byte.wonderhowto.com.

 

 

To see the full article please go here.  There are some other Bluetooth articles there as well if you wander through.

It is a set of older articles though, and as always with technology, the constant updates and upgrades can make some information historical but not accurate with current tools.

 

So let's see what Project Loki currently has.

 

 

Okay, as we can see our default load of applications does not seem to include any of the Bluetooth Tools.

 

Well, that is not going to work for my project, so let's see what needs to be done to add some tools.

Well, this looks promising!   https://tools.kali.org/

 

We have Tools, Metapackages and Version Tracking.

 

Let's see what we can find under Tools.

 

 

Wow, that is a lot of tools!

 

Broken down into sections:

  • Information Gathering: 69 tools listed.
  • Vulnerability Analysis: 29 tools listed.
  • Exploitation Tools: 21 tools listed.
  • Wireless Attacks: 53 tools listed.
  • Forensics Tools: 23 tools listed.
  • Web Applications: 44 tools listed.
  • Stress Testing: 14 tools listed.
  • Sniffing & Spoofing: 31 tools listed.
  • Password Attacks: 41 tools listed.
  • Maintaining Access: 18 tools listed.
  • Hardware Hacking: 6 tools listed.
  • Reverse Engineering: 11 tools listed.
  • Reporting Tools: 10 tools listed.

 

 

For a total of 370 tools listed.  To be fair, some of these tools are listed in multiple sections since they can serve in multiple capabilities.

Still, a pretty impressive number of options to play with.  But to save time, I had read that the Metapackages had been updated to include a Wireless Tools package.

 

So let's take a look at the Metapackage options.

 

 

This sounds promising when you don't want to go through a large tool box of unknown tools!  From the website:

 

"Metapackages give you the flexibility to install specific subsets of tools based on your particular needs. For instance, if you are going to conduct a wireless security assessment, you can quickly create a custom Kali ISO and include the kali-linux-wireless metapackage to only install the tools you need."

 

In their example they even tell us of the Metapackage we are most likely looking for, kali-linux-wireless.  But to be sure let's see what they are covering.

 

 

  • kali-linux : The Base Kali Linux System
  • kali-linux-full : The Default Kali Linux Install
  • kali-linux-all : All Available Packages in Kali Linux
  • kali-linux-sdr : Software Defined Radio (SDR) Tools in Kali
  • kali-linux-gpu : Kali Linux GPU-Powered Tools
  • kali-linux-wireless : Wireless Tools in Kali
  • kali-linux-web : Kali Linux WebApp Assessment Tools
  • kali-linux-forensic : Kali Linux Forensic Tools
  • kali-linux-voip : Kali Linux VoIP Tools
  • kali-linux-pwtools : Kali Linux Password Cracking Tools
  • kali-linux-top10 : Top 10 Kali Linux Tools
  • kali-linux-rfid : Kali Linux RFID Tools

 

Each package has a drop down list that will display specifically what is in it.
Let's see what our kali-linux-wireless has:

 

  • kali-linux
  • kali-linux-sdr
  • aircrack-ng
  • pyrit
  • asleap
  • bluelog
  • bluemaho[amd64,i386]
  • bluepot
  • blueranger
  • bluesnarfer
  • bluez
  • bluez-hcidump
  • btscanner
  • bully
  • cowpatty
  • crackle
  • eapmd5pass
  • fern-wifi-cracker
  • giskismet
  • iw
  • killerbee
  • kismet
  • libfreefare-bin
  • libnfc-bin
  • macchanger
  • mdk3
  • mfcuk
  • mfoc
  • mfterm
  • oclhashcat[amd64,i386]
  • python-rfidiot
  • reaver
  • redfang
  • rfcat
  • rfkill
  • sakis3g
  • spectools
  • spooftooph
  • ubertooth
  • wifi-honey
  • wifitap
  • wifite
  • wireshark

 

That is a large assortment of tools, and I am seeing a few of them that I have seen referenced as Bluetooth tools.  So let's go with this one!

If you are still here on the menu and haven't jumped over to X on TFT, you can use the Terminal button.  I actually had been looking at things through X on TFT to see what was default installed and so I stayed there and used the Terminal option from there.

sudo apt update && sudo apt install kali-linux-wireless

This gets lengthy / time involved, so be prepared!

Keep rolling with the install.  Glad I got the 32gig card!

Yes, yes it did take some time!  But finally we are Done!

So jumping back to check our Wireless Attacks and we see quite a bit more!

Looking under Bluetooth Tools gives us:

  • bluelog - "Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area."
  • blueranger - "BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory)."
  • bluesnarfer - "A Bluetooth bluesnarfing Utility."
  • btscanner - "btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. btscanner also contains a complete listing of the IEEE OUI numbers and class lookup tables. Using the information gathered from these sources it is possible to make educated guesses as to the host device type."
  • crackle - "crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected."
  • redfang - "RedFang is a small proof-of-concept application to find non discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name()."
  • spooftooph - "Spooftooph is designed to automate spoofing or cloning Bluetooth device information. Make a Bluetooth device hide in plain sight."

So we now have tools!
  • jkutzsch
    jkutzsch over 3 years ago in reply to DAB

    None of this is through individually distributed tools.  This is a Metapackage distributed by the Offensive Security Team who puts out Kali.  I pulled the sources directly from them and they have been providing the Kali Package for a few years now. 

     

    Let me rephrase, while all of these can be individually downloaded, my download was one package controlled and monitored by the Kali community.  :-)

     

    I can't guarantee that any of these might not have some modification slipped in there, something we see from even the major companies, but I am going with the idea that Kali is a security tool offered to the public and used by many many professionals. 

     

    Most of these tools are scripts using default Bluetooth commands or items that have been available for a few years now.  I have been keeping my eye out for something new but not finding anything that looks better than the classic ones.

  • DAB
    DAB over 3 years ago

    Nice update.

     

    What is the risk that you just downloaded some trojan software?

     

    DAB

  • jkutzsch
    jkutzsch over 3 years ago in reply to genebren

    Short answer, I believe so.  That is the intent of the next post.  To actually test out the tools and see if they do what we want!  :-)

  • genebren
    genebren over 3 years ago

    Good to see that you found some bluetooth tools, but did you find any that will help you?

    Good luck.

    Gene

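
DAB's question and jkutzsch's reply in the thread above come down to where APT fetched the metapackage from and whether signature checking was in force: APT verifies each repository's signed Release file against its trusted keys unless a source entry opts out. As an added example (not code from the original post or from the Kali project), this shell function audits one-line sources.list entries for options that bypass that verification or that point away from an assumed expected mirror host, http.kali.org; the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit one-line APT source entries before a large install
# such as kali-linux-wireless. Reads sources.list-style text on stdin and
# prints "<finding><TAB><uri>" for each deb / deb-src entry.
# ASSUMPTION: http.kali.org is the mirror host you expect to see.
EXPECTED_HOST="http.kali.org"

audit_sources() {
    awk -v host="$EXPECTED_HOST" '
    $1 != "deb" && $1 != "deb-src" { next }  # skips comments, blanks, other
    {
        opts = ""; i = 2
        # Options are an optional [bracketed group] right after the type.
        if ($2 ~ /^\[/) {
            while (i <= NF) {
                opts = opts " " $i
                if ($i ~ /\]$/) break
                i++
            }
            i++
        }
        uri = $i
        # Strip the scheme, path and port to get the bare host name.
        h = uri
        sub(/^[a-z+]+:\/\//, "", h)
        split(h, part, "/"); h = part[1]
        sub(/:.*/, "", h)
        finding = "OK"
        # These options switch off or weaken Release signature checks.
        if (opts ~ /(trusted|allow-insecure|allow-weak)=yes/)
            finding = "UNVERIFIED"
        else if (h != host)
            finding = "THIRD-PARTY"
        print finding "\t" uri
    }'
}

# Constructed sample input (not taken from the blog or a real system).
sample_sources() {
    cat <<'EOF'
# default-style entry
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb [trusted=yes] http://http.kali.org/kali kali-rolling main
deb [arch=armhf] http://mirror.example.net/kali kali-rolling main
EOF
}

sample_sources | audit_sources
```

On a real system, run `audit_sources < /etc/apt/sources.list` and repeat for any `.list` files under `/etc/apt/sources.list.d/`; entries in the deb822 `.sources` format are not parsed by this function.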