EvilZone

Hacking and Security => Mobile Hacking => Topic started by: M1lak0 on August 06, 2015, 10:04:58 AM

Title: Stagefright exploit
Post by: M1lak0 on August 06, 2015, 10:04:58 AM
Does anybody have a Stagefright exploit?
I need to see how it works. I saw a video by zLabs showing a py-based exploit. If anybody can share, please do.
Thanks in advance!
Title: Re: Stagefright exploit
Post by: bmxer13 on August 06, 2015, 07:35:50 PM
Seems that Zimperium has put up an example on their website. Looks like it's just running through Metasploit.

https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/
Title: Re: Stagefright exploit
Post by: hppd on September 14, 2015, 01:44:05 AM
https://www.exploit-db.com/exploits/38124/

https://www.youtube.com/watch?v=71YP65UANP0
Title: Re: Stagefright exploit
Post by: x40a0e on September 14, 2015, 05:03:48 AM
They also released full Python source used to generate an mp4 that will pop a reverse shell running as media. I haven't tried it out yet, but I will be doing so soon. This is just the payload generator; getting the payload to execute is up to you, although it should be trivial.

https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/

EDIT: I'm actually trying to go through this right now, but I'm unable to do so. I don't have the mp4 module, and I can't seem to figure out which library it is, so if anybody knows please let me know, my searches have not been so successful.
Title: Re: Stagefright exploit
Post by: Livebullshit on September 19, 2015, 12:29:49 AM
Looking at the code, try to rename the file to mp4.py
It should compile fine this way.
Nice exploit but stupid way of coding...
Title: Re: Stagefright exploit
Post by: gh05t3d on September 20, 2015, 09:55:32 PM
LiveBullshit is correct, rename it to mp4.py and it works well.
Example:
mp4.py -c (ip address) -p (port) -o namefile.mp4
Title: Re: Stagefright exploit
Post by: M1lak0 on September 23, 2015, 12:39:37 PM
Couldn't connect it back with nc -l -p 444
Title: Re: Stagefright exploit
Post by: M1lak0 on November 10, 2015, 02:43:41 PM
Has anyone had recent success running this exploit or is it now patched? I see there is some mention re. a further theoretical Stagefright 2.0 exploit using mp3/mp4 files as payload delivery. Does anyone play in this space?
Could run the thing; it even generates an mp3, but then it doesn't get any connect-back and hence the exploit is not working. Maybe patched.
Title: Re: Stagefright exploit
Post by: kadinali on November 13, 2015, 01:01:50 PM
Seems to work well on Python 2.7 and 3.4 has a problem with earlier versions of Python. Mine works like a charm but took some work.