The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
3 days ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
1 wk ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 2 Replies
1 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
1 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
2 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
3 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
3 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
3 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
3 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
3 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
4 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
4 mo ago -
Forum Thread: How to Run and Install Kali Linux on a Chromebook 18 Replies
5 mo ago -
Forum Thread: How to Find Admin Panel Page of a Website? 13 Replies
6 mo ago -
Forum Thread: can i run kali lenux in windows 10 without reboting my computer 4 Replies
6 mo ago -
Forum Thread: How to Hack School Website 11 Replies
6 mo ago -
Forum Thread: Make a Phishing Page for Harvesting Credentials Yourself 8 Replies
6 mo ago -
Forum Thread: Creating an Completely Undetectable Executable in Under 15 Minutes! 38 Replies
8 mo ago
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Hack Apache Tomcat via Malicious WAR File Upload
-
How To: Use Command Injection to Pop a Reverse Shell on a Web Server
-
How To: Bypass File Upload Restrictions on Web Apps to Get a Shell
-
How To: Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi: Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To: Break into Router Gateways with Patator
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
Android for Hackers: How to Turn an Android Phone into a Hacking Device Without Root
-
How To: Find Passwords in Exposed Log Files with Google Dorks
-
How To: Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
How To: Set Up a Wi-Fi Spy Camera with an ESP32-CAM
-
How To: Exploit PHP File Inclusion in Web Apps
-
How To: Use SpiderFoot for OSINT Gathering
-
Tutorial: DNS Spoofing
-
How To: Use MDK3 for Advanced Wi-Fi Jamming
-
Video: How to Crack Weak Wi-Fi Passwords in Seconds with Airgeddon on Parrot OS
-
How To: Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To: Dox Anyone
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts