The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
Like a Boss Movie 2019 Story _ImdB
0
Replies
11 min ago -
Forum Thread:
Just Mercy Movie Creeping to the Surface 15 Years Later
0
Replies
14 min ago -
Forum Thread:
Knives Out MOVIE 2019 Poster _IMdb
0
Replies
25 min ago -
Star Wars:
The Rise of Skywalker Movie 2020 Review _Imdb
0
Replies
32 min ago -
Forum Thread:
Little Women Movie 2019 Subtitles _imdB
0
Replies
35 min ago -
Forum Thread:
https://productscop.com/ksx-male-performance/
0
Replies
42 min ago -
Forum Thread:
Underwater Review - Telegraph
0
Replies
42 min ago -
Forum Thread:
Blue Screen Kali
5
Replies
1 hr ago -
Forum Thread:
Spies in Disguise Movie 2020 - an Occult Review - the Outsider
0
Replies
1 hr ago -
Forum Thread:
Just Mercy Movie 2019 Trailer _imDB
0
Replies
1 hr ago -
Ash vs Maleficent:
Mistress of Evil | Den of Geek
0
Replies
1 hr ago -
Forum Thread:
Star Wars the Rise of Skywalker Movie 2019 Budget _iMdb
0
Replies
1 hr ago -
Forum Thread:
Joker Movie 2020 Review _Imdb
0
Replies
2 hrs ago -
Jumanji:
The Next Level Movie (2019) Rating _imdb
0
Replies
2 hrs ago -
Forum Thread:
1917 Movie (2019) Cast _imDb
0
Replies
2 hrs ago -
Frozen II Review:
Taika Waititi Almost Transcends the Marvel-Verse
0
Replies
2 hrs ago -
Forum Thread:
Dolittle Movie (2020) Box Office _Imdb
0
Replies
2 hrs ago -
Forum Thread:
Ash vs Like a Boss | Den of Geek
0
Replies
2 hrs ago -
Forum Thread:
Bad Boys for Life Movie 2020 Review _IMDB
0
Replies
3 hrs ago -
Forum Thread:
Ash vs Knives Out | Den of Geek
0
Replies
3 hrs ago
-
How To:
Break into Router Gateways with Patator
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Brute-Force SSH, FTP, VNC & More with BruteDum
-
How To:
Use SUDO_KILLER to Identify & Abuse Sudo Misconfigurations
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Crack WPA & WPA2 Wi-Fi Passwords with Pyrit
-
How To:
Steal Ubuntu & MacOS Sudo Passwords Without Any Cracking
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Hack Android Using Kali (Remotely)
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
Hack Like a Pro:
How to Get Facebook Credentials Without Hacking Facebook
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Find Anyone's Private Phone Number Using Facebook
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts