The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
How to Build Cheapest Password Cracker on Multiple GPUs?
0
Replies
34 min ago -
Forum Thread:
Active White-Hat Forums?
14
Replies
1 hr ago -
Forum Thread:
Arpspoof - No Connectivity on Physical Machine
0
Replies
6 hrs ago -
Forum Thread:
Apis for Trojans [ a gift from me ]
0
Replies
12 hrs ago -
Forum Thread:
Creating a Ransomware for Android from 0! By [ Mohamed Ahmed ]
0
Replies
12 hrs ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
12
Replies
13 hrs ago -
Forum Thread:
BlueBorne - Kali Linux Script?
9
Replies
14 hrs ago -
Forum Thread:
How to Install This Custom Metasploit?
0
Replies
14 hrs ago -
Forum Thread:
Building a TAP ( Passive Sniffer ) By: [ Mohamed Ahmed ]
0
Replies
15 hrs ago -
Forum Thread:
Pentesting with Shodan & Functional Exploits By [Mohamed Ahmed ]
0
Replies
17 hrs ago -
Forum Thread:
Hello,need help with PDF . how remove hack password ?
2
Replies
19 hrs ago -
Kali Linux:
TP-Link TL WN722N V2 Driver Not Working
11
Replies
20 hrs ago -
Forum Thread:
How to Hack Wireless Password Through MAC Address and IP Address
19
Replies
1 day ago -
Forum Thread:
How to Track an Android Phone
0
Replies
1 day ago -
Forum Thread:
How to Spy on Android Phones?
5
Replies
1 day ago -
Forum Thread:
How Would I Decrypt This?
1
Replies
1 day ago -
Forum Thread:
Hack Telegram Bot
1
Replies
1 day ago -
Forum Thread:
Problems with TL-WN722N V2 (Monitor Mode)
17
Replies
1 day ago -
Forum Thread:
Decrypting SSL or TLS Session Traffic with Wireshark
1
Replies
1 day ago -
Forum Thread:
What Is the Best Free Vpn Services?
21
Replies
1 day ago
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Exploring Kali Linux Alternatives: How to Get Started with BlackArch, a More Up-to-Date Pentesting Distro
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Hack Forum Accounts with Password-Stealing Pictures
-
How To:
Successfully Hack a Website in 2016!
-
How To:
Hack Windows 7 (Become Admin)
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Use a Virtual Burner Phone to Protect Your Identity & Security
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
Hack Like a Pro:
How to Exploit and Gain Remote Access to PCs Running Windows XP
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
How To:
Hack Android Using Kali (Remotely)
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017
-
Hack Like a Pro:
How to Remotely Install a Keylogger onto Your Girlfriend's Computer
-
How To:
Hack a Windows 7/8/10 Admin Account Password with Windows Magnifier
-
Hack Like a Pro:
How to Hack Facebook, Part 2 (Facebook Password Extractor)
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts