I think you first need to get a vulnerability inside the operating system or a vulnerable application on the target phone, and through this vulnerability you can run your payload after exploiting it [should be a dangerous vulnerability to get reverse connection or RCE]…
You should search about Android vulnerabilities [core, web browser, networks… etc.]
You are right, but it’s a little different case here. Just like the Metasploit reverse TCP connection apk payload, steganography will also work. In both cases you don’t need to find a vulnerability in the remote Android system; all you need is to fool your victim and make him/her install your malicious apk generated from Metasploit, then you are ready to go. We need to understand the difference between payload and exploit in order to clear doubts regarding this issue.
Sure, you’re 100% right… to hack any Android phone you just need to run your payload on the operating system… You can do this in many different ways: make the victim install the payload (APK payload), or run it via a vulnerability after exploiting it (true exploitation of a particular vulnerability makes us run a payload)… so our mission depends on the “PAYLOAD”… Thanks bro.
Sadly this exploit is not remote. In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
Nope. The browser is just the door and the key to bring and run the payload. When the payload is executed, the browser has done its job.
Like on a computer. You download a payload from the browser. If you run it and close the browser, it still runs.
Also check about a vulnerability that happens to most Android phones and all PCs with Linux that have enabled Wi-Fi.
This attack is caused by a Wi-Fi patch that has the vulnerability. The attack can be done remotely and you have complete control of your victim’s machine.
This tool can be used to control victim apk; the only problem with this is that it will work till the link opened in browser.
Other than this, you can use adb to hack a phone remotely without any vulnerability; the only requirement is that adb debugging must be enabled, and wireless debugging too.
I hope you know that hiding your payload in an image file and then sharing it with your target on a social media platform will make the payload not work, as they decompress the images sent over their platforms.
No sharing of private information. Even if it is temporary this community discourages sending emails to our community members seeking any kind of information. It can also be shared here in the public thread unless it is a nuclear secret of your country.
Bro, you can download the b2injector application in Windows and create a payload in Windows with a .exe server, then open b2injector, select the .exe file and select the image, and it will inject the payload in the image, and when the victim opens the image you can see that they have been hacked… Bro, use 888 rat in Windows for creating a payload.