Google Android 5.0.1 – Metaphor Stagefright (ASLR Bypass)

  • Author: NorthBit
    Date: 2016-03-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39640/
  • Source: https://github.com/NorthBit/Metaphor
    
    Metaphor - Stagefright with ASLR bypass, by Hanan Be'er from NorthBit Ltd.
    
    Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf
    
    Twitter: https://twitter.com/High_Byte
    
    Metaphor's source code is now released! The source includes a PoC that generates MP4 exploits in real time and bypasses ASLR. The PoC includes lookup tables for Nexus 5 Build LRX22C with Android 5.0.1. The server side of the PoC includes simple PHP scripts that run the exploit generator - I'm using XAMPP to serve gzipped MP4 files. The attack page is index.php.
    
    The exploit generator is written in Python and used by the PHP code.
    
    usage: metaphor.py [-h] [-c CONFIG] -o OUTPUT {leak,rce,suicide} ...
    
    positional arguments:
      {leak,rce,suicide}          Type of exploit to generate
    
    optional arguments:
      -h, --help                  show this help message and exit
      -c CONFIG, --config CONFIG
                                  Override exploit configuration
      -o OUTPUT, --output OUTPUT
    
    Credits: To the NorthBit team E.P. - My shining paladin, for assisting in boosting this project to achieve all the goals.
    
    
    Proof of Concept:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39640.zip