The new Stagefright exploit is called Metaphor, and it was created by Israeli security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, Samsung Galaxy S5, LG G3 & HTC One device using their Metaphor exploit in just 10 seconds.
7 Responses
Any link for that video?
There you go
Too bad there isn't any video on how it works. This feels like one of the thousands of videos on YouTube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above-mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works. Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing