Forum Thread: How to Use StageFright Exploit?

How to Use StageFright Exploit?

Looking for a how to for this. I looked up everywhere and couldn't find anything straight forward. Is there any way that we can embed our metasploit android payload into .3gp or .mp4 file to make StageFright exploit work?

24 Responses

link.

in the linked page, you can find the python code of the stagefright exploit.

-Phoenix750

Although i have seen complaints about an import mp4 error, when you get the script rename it to mp4.py

I can't compile it. Could you please help me with that?
Python2:

File "38124.py", line 8

SyntaxError: Non-ASCII character '\xe2' in file 38124.py on line 8, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details

Python3:

File "38124.py", line 25
raise 'Yo! They call it "FourCC" for a reason.'
^
SyntaxError: invalid character in identifier

For line 8 :
Just write #coding: utf-8 at the top of your python file

An for line 25 :
Use ' and " and u will surely fix these errors

I'm having problem compiling this:

It gives lots of error like Ibrahim pointed out.

Why they use " instead of " ? Python does not recognise the code betwen " " as string and gives error. They want us to struglle? Do we need to change all of them or there is a # command to make it recognisable? I don't have much coding skills I'm trying to compile it with python 2.7 IDE I'm getting lots of error.

It's not about struggle when you copy and paste the code from Web.. you end up copying ut8 it messes up the code. Try a different Web to copy the code... Web like git hub.

Add a line at the top:
"#coding: utf-8"

I made all the error correct and now i have a mp4 video file. Please make me know that how to use that clip to hack android device .Where to use ? How to get info ? please help me .

... You run the .py file, state your port and ip for the hacker system, then send it to the victim?

hey will u pls ,
explain it in breafly or tell me the steps how to use it and what are the steps to hack android using stage fright ,
actuall "netcat -l -p 4444" after this nothing happens screen stays blank.
and how send that file meow.mp4 to the victim ,
iam using kali 2.0

2 some1s fb/twitter/gmail etc.

wowo great as u have compilled it

Has anyone done the exploit? I don't have an adnroid and don't think you can exploit an android vm...

Can anyone upload the updated python script? This one is showing error.

I success changing all the cod it works fine for me
If anyone needs help just give the error cod and I help is much is I can

so u doing stagefright atacks?...i've two exploits ,an original one and the other fixed one.....but i'm stuck in 'necat -l -p 4444' step...i sent that mp.4 file to my phone...

Hi I compiled the py successfully but what can i do with mp4 file which tool i have to use to handle the exploit

hey but the file shows error when i open it ,mp4 created media file

root@k3-PC:~/Desktop# python /root/Desktop/a/metaphor/exploit/metaphor.py -c 192.168.43.158 -o leak
usage: metaphor.py -h -c CONFIG -o OUTPUT {leak,rce,suicide} ...
metaphor.py: error: too few arguments
root@k3-PC:~/Desktop# python /root/Desktop/a/metaphor/exploit/metaphor.py -c 192.168.43.158 -o
usage: metaphor.py -h -c CONFIG -o OUTPUT {leak,rce,suicide} ...
metaphor.py: error: argument -o/--output: expected one argument
root@k3-PC:~/Desktop# python /root/Desktop/a/metaphor/exploit/metaphor.py -c 192.168.43.158 -p 443 -o leak
usage: metaphor.py -h -c CONFIG -o OUTPUT {leak,rce,suicide} ...

metaphor.py: error: argument exploit: invalid choice: '443' (choose from 'leak', 'rce', 'suicide')......................................

whats wrong with it?..please help me

Has anyone managed to get this working? Or is there any online tutorials with steps on how to implement it?

Hello,

I tried to run the python script and it said your mp4 file is created. but I cant see mp4 file any where. It does not show any error. Please see the screenshot below. Can anyone help me here?

Thanks

Share Your Thoughts

  • Hot
  • Active