Everything Stagefright [Exploit]

1. ##########################################################
2. ### ~EVERYTHING STAGEFRIGHT~ (Constantly updating) ###
3. ##########################################################
4. VIDEO TUTORIAL W/ download links: https://www.youtube.com/watch?v=zlLtJ6wfguw
5. #########################---------------------------------------------- + ----------------------------------------------#########################
6.  
7. .mp4 CVE Exploit for RCE Vulnerability CVE-2015-1538 #1: https://github.com/jduck/cve-2015-1538-1/blob/master/Stagefright_CVE-2015-1538-1_Exploit.py
8. # Integer Overflow in the libstagefright MP4 'stsc' atom handling
9. #
10. # Don't forget, the output of "create_mp4" can be delivered many ways!
11. # MMS is the most dangerous attack vector, but not the only one...
12. #
13. # DISCLAIMER: This exploit is for testing and educational purposes only. Any
14. # other usage for this code is not allowed. Use at your own risk.
15. #
16. # "With great power comes great responsibility." - Uncle Ben
17. #########################---------------------------------------------- + ----------------------------------------------#########################
18.  
19. https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/
20.  
21. https://github.com/WhisperSystems/TextSecure/issues/3817
22.  
23. https://github.com/omxcodec/stagefright-plugins
24.  
25. https://www.kb.cert.org/vuls/id/924951
26.  
27. https://source.android.com/devices/media.html
28.  
29. http://www.linuxveda.com/2015/07/29/stagefright-worst-android-exploit/
30.  
31. https://github.com/WhisperSystems/TextSecure/issues/3817
32.  
33. http://www.droidfeed.net/2015/08/latest-cyanogenmod-12-1-nightly-not-affected-by-stagefright-exploit/
34.  
35. #########################---------------------------------------------- + ----------------------------------------------#########################
36.  
37. POC: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Crash-PoC.zip
38.  
39. Patch: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Stagefright-Patches.zip
40.  
41. MMS Disable App: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/Samsung_KNOX_and_ZHA_ap_MMSCtrl.apk
42.  
43. STAGEFRIGHT DETECTOR APP
44.  
45. Today Zimperium launched the ‘Stagefright detector App’ for Android users to test if their device is vulnerable. The app is available for download on the Android store. Download link: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
46.  
47. - See more at: https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/#sthash.Wgztldfv.dpuf
48.  
49. SOURCES: https://pastebin.com/fhx47gx2
50. #########################---------------------------------------------- + ----------------------------------------------#########################
51.  
52. CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution
53. CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution
54. CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution
55. CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution
56. CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution
57. CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution
58. CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread
59. CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution
60. CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution
61. CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution - See more at: https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/#sthash.Wgztldfv.dpuf
62.  
63. ##########################################################
64. //BaSs_HaXoR