The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
http www supplements24x7 com velofel australia au
0
Replies
1 hr ago -
Forum Thread:
health2wealthclub.Com/Trim-Pill-Keto/
0
Replies
1 hr ago -
Forum Thread:
www.prohealthpedia.com/Male-Ultracore-Review/
0
Replies
4 hrs ago -
Forum Thread:
http://thesupplementcop.com/plant-pure-turmeric-cbd/
0
Replies
6 hrs ago -
Forum Thread:
http://thesupplementcop.com/plant-pure-turmeric-cbd/
0
Replies
7 hrs ago -
Forum Thread:
Bionatrol CBD
0
Replies
8 hrs ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
134
Replies
14 hrs ago -
Forum Thread:
Wlan Rename After Update / Upgrade in Kali Linux
0
Replies
1 day ago -
How to:
Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT
19
Replies
1 day ago -
Forum Thread:
Https Site in My Browser Automatically Downgrade into Http or Site Not Open..Am I Hacked .
1
Replies
1 day ago -
Forum Thread:
Kali Linux Initramfs Boot Error
0
Replies
1 day ago -
Forum Thread:
I Want to Hack a Facebook Account.
9
Replies
2 days ago -
Forum Thread:
How to Hack Router Password to Access Router Control Panel?
6
Replies
2 days ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
36
Replies
3 days ago -
Forum Thread:
My Instagram Account Has Been Hacked
0
Replies
3 days ago -
Forum Thread:
Deauth Tutorial?
5
Replies
4 days ago -
Forum Thread:
Bruteforcing Social Media Passwords Using Python
0
Replies
4 days ago -
How to:
Install Metasploit Framework on Android | Part #1 - in TermuX
78
Replies
4 days ago -
Forum Thread:
Armitage Can't Show "Attack" Menu in Host
4
Replies
5 days ago -
Forum Thread:
Mobile SSH Connection Refused
0
Replies
5 days ago
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Get Root Filesystem Access via Samba Symlink Traversal
-
How To:
Use Hash-Identifier to Determine Hash Types for Password Cracking
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Automate Wi-Fi Hacking with Wifite2
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
Hack Like a Pro:
Windows CMD Remote Commands for the Aspiring Hacker, Part 1
-
How To:
Securely Sniff Wi-Fi Packets with Sniffglue
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts