The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
Forum Thread:
Who Can Help Me Get an Ip Address for Someone's Twitter Account Please?
4
Replies
Forum Thread:
Where the All Part of Recon-Ng Goes????
0
Replies
Forum Thread:
Gaining Access into the Victim's Whatsapp on Android
3
Replies
Forum Thread:
Hacking Devices Without Payload?!
6
Replies
Forum Thread:
Hide the Console (Cmd) Of an Exe
10
Replies
Forum Thread:
Hello,
0
Replies
Forum Thread:
How to Log Users Connecting to a Wifi Router?
3
Replies
Forum Thread:
Catching Exploits/Malware on a Live OS Honeypot!
3
Replies
Forum Thread:
Kali Linux Not Boot/Grub Loader Missing
2
Replies
Forum Thread:
Can You Run Kali Programs in Python on a Windows Computer?
1
Replies
Forum Thread:
Hacking Emails / SMTP Using Hydra / Bruteforce Tools
2
Replies
Forum Thread:
Mobile Hotspot Port Forwarding
12
Replies
Forum Thread:
How do i convert my EXE or JAR files to .pdf .doc .rar ETC..... to silent mode in kali Linux withou affecting the file.
2
Replies
Forum Thread:
Kali USB Loud Beep
10
Replies
Forum Thread:
Beginner
3
Replies
Forum Thread:
What Do Professional Hackers Do When No Vulnerabilities Can Be Found
6
Replies
Reverse Connection Fails:
Metasploit
12
Replies
Forum Thread:
Hack Without Sending an Executable?
10
Replies
Forum Thread:
TP-LINK WN822N Wireless USB Adapter Not Getting Detected in Kali Linux
1
Replies
Forum Thread:
Script on Android?
2
Replies
How To:
Scrape Target Email Addresses with TheHarvester
How To:
Sieze Control of a Router with Routersploit
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
How To:
Wardrive with the Kali Raspberry Pi to Map Wi-Fi Devices
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To:
Successfully Hack a Website in 2016!
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How To:
Hack Android Using Kali (Remotely)
How To:
Hack Windows 7 (Become Admin)
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
How to Hack Wi-Fi:
Breaking a WPS PIN to Get the Password with Bully
Hack Like a Pro:
How to Hack Facebook, Part 2 (Facebook Password Extractor)
How To:
Set Up a Practice Computer to Kill on a Raspberry Pi 3
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Social Engineering:
How to Use Persuasion to Compromise a Human Target
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts