The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
Rtl8812bu on Kali Linux
2
Replies
22 hrs ago -
Penetration Testing:
Simple Ways to Perform Banner Grabbing
0
Replies
22 hrs ago -
Forum Thread:
Phish with HiddenEye - A tool with Advanced Feature
0
Replies
1 day ago -
Forum Thread:
Cyber Security Whole Course for Free Joins Us Now!![Sorry for the Theory Part but It Is Necessary]
0
Replies
1 day ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
33
Replies
1 day ago -
Forum Thread:
How to Get Code Blocks in a How-To
0
Replies
2 days ago -
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
14
Replies
2 days ago -
Forum Thread:
Limitations of Banner Grabbing During Penetration Testing
0
Replies
3 days ago -
Forum Thread:
How to Get Password Using Canary Token and Set a Trap Against Your Victim. Ethical Hacking Course for Freee OnYoutube
0
Replies
4 days ago -
Forum Thread:
How Do I Switch a Netcat Shell to a Metasploit Meterpreter?
4
Replies
4 days ago -
Forum Thread:
Hack Windows and Linux Using Ashwatthama Botnet
0
Replies
4 days ago -
Forum Thread:
During Cloning Target AP with FLUXION , the Real Wifi Is Working Perfectly??
0
Replies
1 wk ago -
Forum Thread:
Crack Password Using AI with PassHemorrhage
0
Replies
1 wk ago -
Forum Thread:
Can I modify the content in /wp-content/uploads/ just by browsing it?
0
Replies
1 wk ago -
Forum Thread:
I Wan't to Learn Pentesting, and Planning to Learn Both C++ and Python. But I'm Not Sure About What I Should Start With?
0
Replies
1 wk ago -
Forum Thread:
How to Encrypt Python Exploit So It Can Be FUD Again? [DOC EXPLOIT]
23
Replies
1 wk ago -
Forum Thread:
The Only Authentic Way to Hack Instagram!
44
Replies
1 wk ago -
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
3
Replies
1 wk ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
26
Replies
1 wk ago -
Forum Thread:
Help Needed Please!
7
Replies
1 wk ago
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Conduct a Pentest Like a Pro in 6 Phases
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Write an XSS Cookie Stealer in JavaScript to Steal Passwords
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Become a Six Sigma Black Belt with This $30 Training
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Gain Complete Control of Any Android Phone with the AhMyth RAT
-
How To:
Dox Anyone
-
How To:
Take a Deep Dive into AI with This 4-Course Bundle
-
How To:
Learn About Data Analysis with Excel & Power BI for Only $25
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Create a Persistent Back Door in Android Using Kali Linux:
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How To:
Run Kali Linux as a Windows Subsystem
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts