mercury browser exploit

All posts tagged mercury browser exploit

Good Evening Friends. Today we will drift a little bit from our system hacking and get into mobile hacking. Actually I thought of skipping this howto as it has been a long time since this exploit has been released and I thought developers of Mercury browser may have patched it but recently checked out that the vulnerable version( Mercury v3.2.3) of this Mercury browser is still available for download. So let us see today how to hack Android with Mercury Browser parseuri exploit. Start Metasploit and load the exploit as shown below. Set the required options ( i.e actually we need to set only one option, localhost )

mercury_b1

Then type command “exploit” as shown below. A server will start at the localhost as shown below.

mercury_b2

Now the only thing we need to do is make the Android users open the above url with Mercury browser. Once the android user opens the link, the exploit will run as shown below.

mercury_b3

Now, on your localhost ( attacker machine ), open a browser and type ┬áthe android user’s IP address as shown below. We got the IP address in the above picture only. As shown below, you can access all the data of our victim.

mercury_b4

Given below are the victim’s Whatsapp data.

mercury_b6