The New Stagefright Exploit called METAPHOR and it is created by ISRAEL security researchers. The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5, samsung galaxy S5, LG G3 & HTC ONE device using their Metaphor exploit in just 10 seconds.
- Hot
- Active
-
Forum Thread:
I Need Your Response for a Homework Assignment.
10
Replies
2 hrs ago -
Forum Thread:
How to View Your Child's What's App And Many More!
7
Replies
13 hrs ago -
Forum Thread:
Hacking into Whatsapp Series, Part 2: Phishing.
6
Replies
3 days ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
57
Replies
4 days ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
11
Replies
4 days ago -
Forum Thread:
I Need Help in Hacking a Gmail Account.
28
Replies
1 wk ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
7
Replies
1 wk ago -
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
167
Replies
1 wk ago -
Forum Thread:
How to Spy on Android Phones?
9
Replies
1 wk ago -
Forum Thread:
Whatsapp Hack?
23
Replies
1 wk ago -
Forum Thread:
Hack Instagram Account Using BruteForce
205
Replies
1 wk ago -
Metasploit Error:
Handler Failed to Bind
40
Replies
1 wk ago -
Forum Thread:
How to Bind Original Apk into a Payload with Msfvenom
3
Replies
1 wk ago -
Forum Thread:
Complete Guide to Creating and Hosting a Phishing Page for Beginners
48
Replies
2 wks ago -
Forum Thread:
Cloning Bootable Live USB to Partition of Hard Disk
10
Replies
2 wks ago -
Forum Thread:
How can i slow down or DDOS an the internet of an IP Adress???
3
Replies
2 wks ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
178
Replies
2 wks ago -
Forum Thread:
Kali Wont Start, Stuck at Kali Login:
21
Replies
2 wks ago -
Forum Thread:
How to Use Exploits Written in C Code
7
Replies
3 wks ago -
Forum Thread:
Tools for Beginner Hacker
3
Replies
3 wks ago
-
How To:
Dox Anyone
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To:
Scan Websites for Interesting Directories & Files with Gobuster
-
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
-
How To:
Change Your Terminal Header
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Create a Persistent Back Door in Android Using Kali Linux:
-
How To:
Automate Wi-Fi Hacking with Wifite2
-
How To:
Brute-Force FTP Credentials & Get Server Access
-
How To:
Hack WPA WiFi Passwords by Cracking the WPS PIN
-
How To:
How Hackers Use Your IP Address to Hack Your Computer & How to Stop It
-
Hack Like a Pro:
How to Change the Signature of Metasploit Payloads to Evade Antivirus Detection
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
7 Responses
Any link for that video?
There u go
Too bad there isnt any video on how it works. This feels like one of the thousands video's on youtube on "hack Facebook with 1 button"
https://www.exploit-db.com/docs/39527.pdf
You can go through the full research paper PDF (above mentioned link) that provides enough details to create a fully working and successful exploit.
Here's How the New Stagefright Exploit Works .Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:
Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes the Android's mediaserver software to reset its internal state.
Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.
Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.
Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.
The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
How they are doing
Share Your Thoughts