Skip to content
/ scaredycat Public

Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file. Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).

18 stars 15 forks Branches Tags Activity
Star
Notifications

eudemonics/scaredycat

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

README.md

README.md

 
 

libc.so

libc.so

 
 

scaredycat.py

scaredycat.py

 
 

scaredycat.py.asc

scaredycat.py.asc

 
 

shellcode.bin

shellcode.bin

 
 

Repository files navigation

SCAREDYCAT! version 0.1 beta

Python script to generate a malicious MP4 file and start a web server hosting a page with the embedded 'video' file on port 8080.

This exploits another Stagefright vulnerability, the integer overflow vulnerability (CVE-2015-3864), published by Exodus Intelligence.

author: vvn (eudemonics) <root [at] nobody [dot] ninja>

built upon original exploit code from Google for CVE-2015-3864

####** usage: scaredycat.py [-h] [-p PAYLOAD] [-v] [libcfile]

optional arguments:

libcfile              path to libc.so file (usually in /system/lib on
                      android devices). one is included in the repo.
-h, --help            show this help message and exit
-p PAYLOAD, --payload PAYLOAD
                      path to shellcode/payload to be injected into mp4 file.
                      a generic one created by meterpreter is included.
-v, --version         version information

About

Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file. Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).

Resources

Readme
Activity

Stars

18 stars

Watchers

4 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages