[email protected]:~# bluetoothctl
[NEW] Controller EE:EE:EE:EE:EE:EE [default]
[bluetooth]# power on
[CHG] Controller EE:EE:EE:EE:EE:EE Class: 0x300100
Changing power on succeeded
[CHG] Controller EE:EE:EE:EE:EE:EE Powered: yes
[bluetooth]# pairable on
Changing pairable on succeeded
[bluetooth]# scan on
Discovery started
[CHG] Controller EE:EE:EE:EE:EE:EE Discovering: yes
[bluetooth]# random: nonblocking pool is initialized
[NEW] Device B8:6C:E8:60:C0:8F Galaxy S9
[NEW] Device 74:68:75:2E:67:67 thug0
[bluetooth]# scan off
[CHG] Device 74:68:75:2E:67:67 RSSI is nil
[CHG] Device B8:6C:E8:60:C0:8F RSSI is nil
[CHG] Controller EE:EE:EE:EE:EE:EE Discovering: no
Discovery stopped
[bluetooth]# pair 74:68:75:2E:67:67
Attempting to pair with 74:68:75:2E:67:67
[CHG] Device 74:68:75:2E:67:67 Connected: yes
[CHG] Device 74:68:75:2E:67:67 UUIDs: 00001105-0000-1000-8000-00805f9b34fb
[CHG] Device 74:68:75:2E:67:67 UUIDs: 0000110a-0000-1000-8000-00805f9b34fb
[CHG] Device 74:68:75:2E:67:67 UUIDs: 0000110c-0000-1000-8000-00805f9b34fb
[CHG] Device 74:68:75:2E:67:67 UUIDs: 0000111f-0000-1000-8000-00805f9b34fb
[CHG] Device 74:68:75:2E:67:67 Paired: yes
Pairing successful
[CHG] Device 74:68:75:2E:67:67 Connected: no
[bluetooth]# trust 74:68:75:2E:67:67
[CHG] Device 74:68:75:2E:67:67 Trusted: yes
Changing 74:68:75:2E:67:67 trust succeeded
[bluetooth]# info 74:68:75:2E:67:67
Device 74:68:75:2E:67:67
Name: thug0
Alias: TwitchViewbot
Class: 0x5d253f98
Icon: phone
Paired: yes
Trusted: yes
Blocked: no
Connected: no
LegacyPairing: no
UUID: OBEX Object Push (00001105-0000-1000-8000-00805f9b34fb)
UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Handsfree Audio Gateway (0000111f-0000-1000-8000-00805f9b34fb)
[bluetooth]# quit
[DEL] Controller EE:EE:EE:EE:EE:EE [default]
[email protected]:~# DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket obexctl
[NEW] Client /org/bluez/obex 
[obex]# connect 74:68:75:2E:67:67
Attempting to connect to 74:68:75:2E:67:67
[NEW] Session /org/bluez/obex/client/session0 [default]
[NEW] ObjectPush /org/bluez/obex/client/session0 
Connection successful
[74:68:75:2E:67:67]# send /dev/shm/.thugkit0/20190709.apk
Attempting to send /dev/shm/.thugkit0/20190709.apk to /org/bluez/obex/client/session0
[NEW] Transfer /org/bluez/obex/client/session0/transfer0 
Transfer /org/bluez/obex/client/session0/transfer0
        Status: queued
        Name: 20190709.apk
        Size: 42000
        Filename: /dev/shm/.thugkit0/20190709.apk
        Session: /org/bluez/obex/client/session0
[CHG] Transfer /org/bluez/obex/client/session0/transfer0 Status: complete
[DEL] Transfer /org/bluez/obex/client/session0/transfer0 
^C 
[email protected]:~# apktool d 20190709.apk
[email protected]:~# cat 20190709/NOTES.NFO
                             ┌─────────────────────┐             ┌────────────────────┐
                             │                     │             │                    │
                             │     ┌───────┐       │             │        ┌─────────┐ │
       ┌─────┐               │     │  ┌─┐┌─┼─┐    ┌──┐  ┌────┐   │        │   ┌───┐ │ │
       │┌──┐ │┌────┐  ┌─┐    │┌─┐┌─┼──┼─┘│┌┼─┼─┐┌─┼──┼─┐│┌───┼─┐┌┼┐ ┌─┐  ┌┼┐┌─┼──┐│ │ │
       │└──┼─┼┼────┘  │ │┌─┐ ││ ││┌┼──┘  │││ │ ││┌┼──┼─┼┼┼───┼┐││││ │ │  ││││┌┼──┼┼┐│ │
       │   │ │└──┐┌┐  │ ││ │ ││ ││││     │││ └─┘││││ │ │││   ││││││ │ │  ││││││  ││││ │
       │   │ │   │││  │ ││ │ ││ ││││     │││    │└┼│─┼─┘││   ││││││ │ │  ││││││  ││││ │
       │   │ │   │└┼──┼─┘│ │ ││ ││││  ┌─┐│││    │┌┼│─┼─┐││   ││││││ │ │  ││││││  ││││ │
       │   │ │   │ │  │┌┐│ │ ││ ││││  │ ││││    ││││ │ │││   ││││││ │ │  ││││││  ││││ │
       │   │ │   │ │  ││││ │┌┘│ ││└┼──┼┐││││ ┌─┐││││ │ ││└───┼┘│└┼┼─┼─┼──┼┼┘│└┼──┼┘││ │
       │   └─┘   └─┘  └┼┘└─┼┼─┼─┘└─┼──┼┼┘│└┼─┼─┘└┼┘│ └─┘└────┼─┘ └┼─┼─┼──┼┘ └─┼──┼─┘│ │
       │               └───┘└┐└────┼──┘│ └─┘ └───┘ │         └────┘ │ └──┘    │  └──┘ │
       │                     │     └───┘           │                └─────────┘       │
       │                     │                     │                                  │
       └─────────────────────┘                     └──────────────────────────────────┘
       ┌─────────────────────┐ 20190709 - hackgnar ┌──────────────────────────────────┐
       │                                                                              │
       │   Tonight, we're talking to @hackgnar about hardware, wireless and BLECTF!   │
       │                                                                              │
       ├── N E W S ───────────────────────────────────────────────────────────────────┤
       │ ─ Zoom 0day                                                                  │
       │ ─ Canonical GitHub account hacked, Ubuntu source code safe                   │
       │   ─ Archived Page                                                            │
       │ ─ Top VPNs secretly owned by Chinese firms                                   │
       │ ─ Criminals Slurp $500,000 Through 7-Eleven Mobile Payment App               │
       │ ─ Microsoft Issues Warning For 50M Windows 10 Users                          │
       │ ─ TN men use Bluetooth-enabled tablet to steal cars                          │
       │ ─ Server image mystery in Georgia election security case                     │
       │ ─ 'Silence' hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan        │
       │ ─ Logitech wireless USB dongles vulnerable to new hijacking flaws            │
       │ ─ Calls for 'urgent' improvements in NHS cyber security presented to         │
       │   Parliament                                                                 │
       │ ─ After a Data Breach, British Airways Faces a Record Fine                   │
       │ ─ Monero security flaw could've seen XMR stolen from crypto exchanges        │
       │ ─ Philadelphia Federal Credit Union customer accounts pilfered by fraudsters │
       ├── A C T I O N ───────────────────────────────────────────────────────────────┤
       │ ─ Petition for Google/Youtube regarding hacking video ban                    │
       │ ─ Fight For the Future - BAN FACIAL RECOGNITION                              │
       ├── G O O D R E A D S ─────────────────────────────────────────────────────────┤
       │ ─ FBI Investigates Leak Of 1,000 Pages Of Top Secret Air Force Intelligence  │
       │ ─ YouTube's Ban of Hacking Videos Moves Us Closer to an Entertainment-only   │
       │   Public Sphere                                                              │
       │ ─ Discord Spyware                                                            │
       │ ─ Logitech Vulns Disclosed                                                   │
       │ ─ Open Sesame! Zipato's smart hub hacked to open front doors                 │
       ├── U S E F U L / P R O J E C T S  ────────────────────────────────────────────┤
       │ ─ How to enable DNS-over-HTTPS in Firefox                                    │
       │ ─ 2600: concentrationcamps.us                                                │
       │ ─ BXAQ/Fengcai APK                                                           │
       │ ─ "A Better Zip Bomb"                                                        │
       ├── C H E A T S  ──────────────────────────────────────────────────────────────┤
       │ ─ eternalrelayx.py — Non-Admin NTLM Relaying & ETERNALBLUE Exploitation      │
       ├── S A F A R I  ──────────────────────────────────────────────────────────────┤
       │ ─ [hermit] phpbb dork                                                        │
       │ ─ [hermit] A whole lot of NOAA weather data                                  │
       │ ─ [hermit] WAMP Dork 1                                                       │
       │ ─ [hermit] WAMP Dork 2                                                       │
       │ ─ [leet_sauce] Toshiba: WAMP WAMP WAMP                                       │
       │ ─ [plazmaz] Crypto mining via jenkins jobs                                   │
       │ ─ [yuu] Small Business Community Award?                                      │
       │ ─ [yuu] Someone's subtle session hijack tool [WARNING: MALICIOUS]            │
       │ ─ [x0] hex-rays file transfer                                                │
       │ ─ [x0] "this defacement"                                                     │
       │ ─ [x0] POC REGMEM                                                            │
       ├──────────────────────────────────────────────────────────────────────────────┤
       │                                                                              │
       │                          W E E K L Y M I X by @0katz                         │
       │                                                                              │
       └──────────────────────────────────────────────────────────────────────────────┘