The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
How to Hack Anonymously Using Airgeddon?
5
Replies
5 hrs ago -
Forum Thread:
Hack a Smart Tv?
5
Replies
21 hrs ago -
Forum Thread:
Kali Linux External Wifi Not Working?
19
Replies
23 hrs ago -
Forum Thread:
WIRELESS ADAPTER STOPPED WORKING VIRTUAL BOX KALI LINUX
2
Replies
23 hrs ago -
Forum Thread:
The Only Authentic Way to Hack Instagram!
40
Replies
1 day ago -
How to:
Crack Instagram Passwords Using Instainsane
21
Replies
3 days ago -
Forum Thread:
How to Hack CCTV Private Cameras
64
Replies
3 days ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
101
Replies
3 days ago -
Forum Thread:
Where Do I Get the Python Used in All Null Byte Tutorials?
2
Replies
4 days ago -
Forum Thread:
Tips on Networking 101
0
Replies
4 days ago -
Forum Thread:
How to Get Proxychains to Work?
13
Replies
5 days ago -
Forum Thread:
Use Hikxploit to Hack Hikvision Security Cameras
3
Replies
5 days ago -
Forum Thread:
How to hack Wi-Fi anonymously using Airgeddon?
0
Replies
1 wk ago -
Communtiy Discussion:
Watchdogs Hacking
30
Replies
1 wk ago -
Forum Thread:
Am Having Problems Creating a Session on Meterpreter
0
Replies
1 wk ago -
Forum Thread:
How to Hack into a WiFi Network Without Any Packets Sent
0
Replies
1 wk ago -
Forum Thread:
Windows WiFi Scanning Security Issue
0
Replies
1 wk ago -
Forum Thread:
Thanks for Your Interest in eBooks from Null Byte
1
Replies
1 wk ago -
Forum Thread:
Black Hydra Brute Force Help
0
Replies
1 wk ago -
Forum Thread:
Grab Target's Webcam by Link
1
Replies
1 wk ago
-
Hacking Windows 10:
How to Use SSH Tunnels to Forward Requests & Hack Remote Routers
-
How to Hack with Arduino:
Tracking Which Networks a Mac Has Connected To & When
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Spy on SSH Sessions with SSHPry2.0
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Hack Coin-Operated Laudromat Machines for Free Wash & Dry Cycles
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
Android for Hackers:
How to Exfiltrate WPA2 Wi-Fi Passwords Using Android & PowerShell
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts