If anyone remembers the Stagefright exploit (CVE-2015-1538 I think) you would remember that it could potentially achieve root access by sending a corrupt video file to an android device running an un-patched version, with no user interaction required.
My question is, has anyone actually ever replicated this exploit, or has it ever been used in a crime that we know of? I can't even try to replicate it because I don't have an android device and you can't send MMS on the android VM.
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Exploit EternalBlue on Windows Server with Metasploit
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Make Your Own Bad USB
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
How To:
Scrape Target Email Addresses with TheHarvester
How To:
Clone Login Forms Manually and Get Login Credentials!
How To:
Dox Anyone
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
How To:
Get Root with Metasploit's Local Exploit Suggester
How To:
Create a Persistent Back Door in Android Using Kali Linux:
How To:
Find Anyone's Private Phone Number Using Facebook
Rainbow Tables:
How to Create & Use Them to Crack Passwords
How To:
Install & Use the Ultra-Secure Operating System OpenBSD in VirtualBox
How To:
Regain Access to Lubuntu After Loss of Password (Windows 7)
How To:
Crack SSH Private Key Passwords with John the Ripper
1 Response
From what I understand, the issue is that the exploit only get you remote code execution but then you still have the problem of finding the correct place in the stack to run your code. This is rendered harder by the factor that many of the newer model of android have "anti-stack corrupting" measure, making harder to reliably run your code.
Pair this with the fact that there are 100's of different kinds of android devices that all works differently. To make an exploit that can reliably be used would be hard to say the least.
All that to say that it would take a fairly skilled and dedicated hacker to make something of it.
Cheers,
Washu
Share Your Thoughts