The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Q:
MITMf - What Am I Doing Wrong?
36
Replies
12 hrs ago -
Forum Thread:
Where to Buy Good Wigs Online
0
Replies
1 day ago -
Forum Thread:
eBay Coupon 10 Off Any Purchase
0
Replies
1 day ago -
Forum Thread:
Super Fast Keto Boost
0
Replies
1 day ago -
Forum Thread:
Problem with .Apk Payloads
17
Replies
1 day ago -
Forum Thread:
Alpha Lion Coupon
0
Replies
1 day ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
97
Replies
1 day ago -
Forum Thread:
Walmart Promo Codes 20% Off
0
Replies
1 day ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
17
Replies
1 day ago -
Forum Thread:
VMware Issue in Kali Linux 2019.3
0
Replies
2 days ago -
Forum Thread:
Alpha Lion Pre Workout
0
Replies
2 days ago -
Forum Thread:
How to Web Scrape Without Getting Blocked[Real Examples]?
0
Replies
2 days ago -
Forum Thread:
Alpha Lion Hulk Juice
0
Replies
2 days ago -
Forum Thread:
Meterpreter on Android
7
Replies
2 days ago -
Forum Thread:
Keto Plus Pro
0
Replies
3 days ago -
Forum Thread:
What Is Keto Pro Plus UK?
0
Replies
3 days ago -
Forum Thread:
Pro Vita Keto
0
Replies
3 days ago -
Forum Thread:
Changing IP Address
6
Replies
3 days ago -
Forum Thread:
Super Fast Keto Boost
0
Replies
3 days ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
4 days ago
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Create Malicious QR Codes to Hack Phones & Other Scanners
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To:
Hack Coin-Operated Laudromat Machines for Free Wash & Dry Cycles
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts