6/21/2023 0 Comments App wrapper to spawn shells![]() ![]() Loc_addr.rc_bdaddr = *BDADDR_ANY // Cualquier adaptador disponible en la máquina S = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM) #define BANNER " You are connected to the device!n" Programming a small server accepting connections is quite easy since it is similar to how it should be done for TCP/IP: #include 0x01 – Connecting with the attacker via Bluetoothįor simplicity’s sake, the information exchange between the compromised machine and the Red Team is carried out via RFCOMM protocol which is well-supported. On the other hand, in the scenario suggested to the Read Team, the laptop is being used by a worker who uses a limited account but who is enabled to carry out administrative tasks in the machine using sudo.ĭuring the last years, how to run commands in the machine using social engineering and devices emulating keyboards and similar strategies has been widely described in different articles and that is the reason why, this information is not included in this post. However, taking into account the given scenario, another way was explored: Establishing communication via Bluetooth. The easiest way might be probably raising a small Wi-Fi access point and connecting the compromised machine to it. ![]() 0x00 – Introductionĭifferent alternatives should be taken into account in order to carry out the manipulation remotely due to the operation nature and the existing clear restriction since the objective machine is not connected to internet. How to run binaries in memory in order to reduce our trace.How to abuse sudo cache in order to raise privileges.How to obtain an interactive shell in order to run commands.How to exchange information via RFCOMN between two devices with Bluetooth.The main aim of this post, which is addressed to a junior audience, is documenting and explaining the following points: In this post, it is explained the physical intrusion process followed in a Linux laptop without internet connection, although Wi-Fi and Bluetooth is available. This requires redesigning how to confront this type of particular scenarios. Occasionally, one or several phases requiring physical access to a machine are included during Red Team exercises. 0x03 – Raising privileges via sudo cache.0x01 – Connecting with the attacker via Bluetooth.
0 Comments
Leave a Reply. |