The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
Forum Thread:
MetaSploit Issues
19
Replies
Forum Thread:
Problem with Bruteforcing with Hydra
0
Replies
Forum Thread:
Problem with Bruteforce Using Hydra
20
Replies
Forum Thread:
How to Set Up MinGW on Kali Using Wine
8
Replies
Forum Thread:
I Am Being Hacked Like Mr. Robot.
14
Replies
Forum Thread:
How to Install Tor as a Root in Kali Linux
0
Replies
Backdoor, Listeners:
How to Know if Your Computer or Smartphones Have One?
26
Replies
Forum Thread:
How to Investigate a Hacker ? Kali Linux ?
5
Replies
Forum Thread:
How to Download Video from Instagram
2
Replies
Forum Thread:
I Am Working on Hacking Facebook Account. I Need Members to Guide It for Me.
4
Replies
Forum Thread:
Is There a Silent .Doc Exploit Builder??
5
Replies
Forum Thread:
I'm Not Able to Create a How-to Article
2
Replies
Forum Thread:
Somebody Help Me to Hack SKM World Online Game
2
Replies
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
67
Replies
Forum Thread:
Problems with TL-WN722N V2 (Monitor Mode)
13
Replies
Forum Thread:
Hacking a Instagram Account
8
Replies
Forum Thread:
Needing Help Setting Up Wifi on Linux
10
Replies
Forum Thread:
TL WN722N Usb Not Detected in Kali Linux 2017.1
14
Replies
Forum Thread:
How Can I Install Ferret Sidejack in Kali?
1
Replies
Forum Thread:
instaBrute Help Required.
20
Replies
How To:
Exploit Routers on an Unrooted Android Phone
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
How to Hack Wi-Fi:
Automating Wi-Fi Hacking with Besside-ng
Recon:
How to Research a Person or Organization Using the Operative Framework
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
How To:
Scrape Target Email Addresses with TheHarvester
How To:
Successfully Hack a Website in 2016!
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
How To:
Hack Android Using Kali (Remotely)
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
Hack Like a Pro:
How to Find Vulnerabilities for Any Website Using Nikto
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
Hack Like a Pro:
How to Remotely Install a Keylogger onto Your Girlfriend's Computer
How To:
The Essential Skills to Becoming a Master Hacker
How To:
Install Kali Live on a USB Drive (With Persistence, Optional)
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts