The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
How to Install VMWare Tools in Kali Linux Rolling 2016
1
Replies
5 hrs ago -
Forum Thread:
Hacking Android Problem!
6
Replies
13 hrs ago -
Forum Thread:
Does iCloud Tell Their Users Anything if You Change Their Password Through Security Questions?
0
Replies
16 hrs ago -
Forum Thread:
How to Remotely Control a Sony Bravia or View Its Contents
0
Replies
18 hrs ago -
Forum Thread:
Can We Send Apk File Which Install in Android without users notice and Then Send Us Audio File and Record Every Bit of
6
Replies
18 hrs ago -
Forum Thread:
DNS Spoofing Doesn't Work
2
Replies
22 hrs ago -
Forum Thread:
Why Do I Want to Be a Hacker? (For Newbies) 2017
4
Replies
1 day ago -
Forum Thread:
MSF Handler Failed Bind to External Ip
3
Replies
1 day ago -
Forum Thread:
How Can Hack Someones Android Phone in Same Wifi Network???
4
Replies
1 day ago -
Forum Thread:
Exploit Failed [Bad-Config] Rex::Bindfailed
2
Replies
1 day ago -
Forum Thread:
[Problem] Meterpreter, Migrate and Antivirus
3
Replies
1 day ago -
Forum Thread:
I Can't Hack Anything with Metasploit
5
Replies
2 days ago -
Forum Thread:
I'm Having Trouble with Metasploit
5
Replies
2 days ago -
Forum Thread:
Windows 10 Exploits
14
Replies
2 days ago -
Forum Thread:
Hacking into Whatsapp Series, Part 2: Phishing.
1
Replies
2 days ago -
Forum Thread:
Need Drivers for TP-Link TL-WN722N on Android.
1
Replies
3 days ago -
Forum Thread:
ZIP Files Sometimes Gives an Error
3
Replies
3 days ago -
Forum Thread:
Error When Opening Excel Files
0
Replies
3 days ago -
Forum Thread:
How to Encrypt a Shellcode ?
0
Replies
4 days ago -
Forum Thread:
Using a Wireless USB Adapter in Kali 2.0
6
Replies
5 days ago
-
How to Use PowerShell Empire:
Getting Started with Post-Exploitation of Windows Hosts
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Simulate a RAT on Your Network with ShinoBOT
-
How To:
Set Up SoftEther VPN on Windows to Keep Your Data Secure
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
How To:
Successfully Hack a Website in 2016!
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Hack WPA WiFi Passwords by Cracking the WPS PIN
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
The Hacks of Mr. Robot:
How to Spy on Anyone's Smartphone Activity
-
How To:
Hack Any Account That Has Recovery via Phone Option Enabled (SMS) On Android:
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
Hack Like a Pro:
How to Hack Smartphones (Creating a Smartphone Pentesting Lab)
-
Hack Like a Pro:
How to Hack Facebook, Part 2 (Facebook Password Extractor)
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Build a Software-Based Wi-Fi Jammer with Airgeddon
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts