Author Topic: Stagefright exploit  (Read 7777 times)

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
Stagefright exploit
« on: August 06, 2015, 10:04:58 am »
Does anybody have a Stagefright exploit?
I need to see how it works. I saw a video by zLabs having a py based exploit. If anybody can share, please do it.
Thanks in advance!
"Security is just an illusion"

Offline bmxer13

  • /dev/null
  • *
  • Posts: 8
  • Cookies: -4
Re: Stagefright exploit
« Reply #1 on: August 06, 2015, 07:35:50 pm »
Seems that Zimperium has put up an example on their website. Looks like it's just running through Metasploit.

https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/

Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
« Last Edit: September 14, 2015, 01:49:18 am by hppd »

Offline x40a0e

  • Serf
  • *
  • Posts: 29
  • Cookies: 9
Re: Stagefright exploit
« Reply #3 on: September 14, 2015, 05:03:48 am »
They also released full Python source used to generate an mp4 that will pop a reverse shell running as media. I haven't tried it out yet, but I will be doing so soon. This is just the payload generator; getting the payload to execute is up to you, although it should be trivial.

https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/

EDIT: I'm actually trying to go through this right now, but I'm unable to do so. I don't have the mp4 module, and I can't seem to figure out which library it is, so if anybody knows please let me know, my searches have not been so successful.
« Last Edit: September 14, 2015, 05:46:11 am by x40a0e »

Offline Livebullshit

  • NULL
  • Posts: 4
  • Cookies: 0
Re: Stagefright exploit
« Reply #4 on: September 19, 2015, 12:29:49 am »
Looking at the code, try to rename the file to mp4.py.
It should compile fine this way.
Nice exploit but stupid way of coding...

Offline gh05t3d

  • /dev/null
  • *
  • Posts: 11
  • Cookies: -2
  • jabber: gh05t3d@jabb3r.org
Re: Stagefright exploit
« Reply #5 on: September 20, 2015, 09:55:32 pm »
Livebullshit is correct, rename it to mp4.py and it works well.
Example:
mp4.py -c (ip address) -p (port) -o namefile.mp4
Jabber: gh05t3d@jabb3r.org

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
Re: Stagefright exploit
« Reply #6 on: September 23, 2015, 12:39:37 pm »
Couldn't connect it back with nc -l -p 444
"Security is just an illusion"

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
Re: Stagefright exploit
« Reply #7 on: November 10, 2015, 02:43:41 pm »
Has anyone had recent success running this exploit or is it now patched? I see there is some mention re. a further theoretical Stagefright 2.0 exploit using mp3/mp4 files as payload delivery. Does anyone play in this space?
Could run the thing, it even generates mp3 but then doesn't get any connect back and hence, the exploit is not working. May be patched.
"Security is just an illusion"

Offline kadinali

  • NULL
  • Posts: 1
  • Cookies: -1
Re: Stagefright exploit
« Reply #8 on: November 13, 2015, 01:01:50 pm »
Seems to work well on Python 2.7 and 3.4 has a problem with earlier versions of Python. Mine works like a charm but took some work.