Author Topic: Stagefright exploit  (Read 7824 times)

0 Members and 3 Guests are viewing this topic.

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Stagefright exploit
« on: August 06, 2015, 10:04:58 am »
Do anybody have a Stagefright exploit??
I need to see how does it work. I saw a video by zLabs having a py based exploit. If anybody can share please do it.
Thankx in advance!
"Security is just an illusion"

Offline bmxer13

  • /dev/null
  • *
  • Posts: 8
  • Cookies: -4
    • View Profile
Re: Stagefright exploit
« Reply #1 on: August 06, 2015, 07:35:50 pm »
Seems that zimperium has put up an example on their website. Looks like its just running through metasploit

https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/

Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
    • View Profile
« Last Edit: September 14, 2015, 01:49:18 am by hppd »

Offline x40a0e

  • Serf
  • *
  • Posts: 29
  • Cookies: 9
    • View Profile
Re: Stagefright exploit
« Reply #3 on: September 14, 2015, 05:03:48 am »
They also released full python source used to generate an mp4 that will pop a reverse shell running as media. I haven't tried it out yet, but I will be doing so soon. This is just the payload generator, getting the payload to execute is up to you, although it should be trivial.

https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/

EDIT: I'm actually trying to go through this right now, but I'm unable to do so. I don't have the mp4 module, and I can't seem to figure out which library it is, so if anybody knows please let me know, my searches have not been so successful.
« Last Edit: September 14, 2015, 05:46:11 am by x40a0e »

Offline Livebullshit

  • NULL
  • Posts: 4
  • Cookies: 0
    • View Profile
Re: Stagefright exploit
« Reply #4 on: September 19, 2015, 12:29:49 am »
Looking at the code, try to rename the file to mp4.py
It should compile fine this way.
Nice exploit but stupid way of coding...

Offline gh05t3d

  • /dev/null
  • *
  • Posts: 11
  • Cookies: -2
  • jabber: gh05t3d@jabb3r.org
    • View Profile
    • My website?
Re: Stagefright exploit
« Reply #5 on: September 20, 2015, 09:55:32 pm »
LiveBullshit is correct,rename it to mp4.py and works well.
Example :
mp4.py -c (ip address)  -p (port) -o namefile.mp4
Jabber: gh05t3d@jabb3r.org

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: Stagefright exploit
« Reply #6 on: September 23, 2015, 12:39:37 pm »
couldn't connect it back with nc -l -p 444
"Security is just an illusion"

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: Stagefright exploit
« Reply #7 on: November 10, 2015, 02:43:41 pm »
Has anyone had recent success running this exploit or is it now patched?  I see there is a some mention re. a further theoretical Stagefright 2.0 exploit using mp3/mp4 files as payload delivery.  Does anyone play in this space?
Could run the thing, it generates even mp3 but then doesn't get any connect back and hence, exploit not working. May be patched..
"Security is just an illusion"

Offline kadinali

  • NULL
  • Posts: 1
  • Cookies: -1
    • View Profile
Re: Stagefright exploit
« Reply #8 on: November 13, 2015, 01:01:50 pm »
seems to work well on python 2.7 and 3.4 has a proplem with earlier versions of python mine works like charm but took some work