
Hack Android with Mercury browser parseuri exploit

Good evening, friends. Today we will drift a little from our system hacking and get into mobile hacking. Actually, I thought of skipping this howto, as it has been a long time since this exploit was released and I thought the developers of Mercury browser might have patched it, but I recently checked and found that the vulnerable version (Mercury v3.2.3) of this browser is still available for download. So let us see today how to hack Android with the Mercury Browser parseuri exploit.

Start Metasploit and load the exploit as shown below. Set the required options (actually, we need to set only one option, localhost).

[Image: mercury_b1]

Then type the command “exploit” as shown below. A server will start on the localhost.

[Image: mercury_b2]

Now the only thing we need to do is make the Android user open the above URL with Mercury browser. Once the Android user opens the link, the exploit will run as shown below.

[Image: mercury_b3]

Now, on your localhost (the attacker machine), open a browser and type the Android user’s IP address as shown below. We got the IP address in the picture above. As shown below, you can access all the data of our victim.

[Image: mercury_b4]

Given below is the victim’s WhatsApp data.

[Image: mercury_b6]

8 thoughts on “Hack Android with Mercury browser parseuri exploit”

  1. After typing use auxiliary/server/andriod_mercury_pasueri
    It says it failed to load the module.
    Do you have a solution?
    Thank you.

    1. Hey Real, update your Metasploit framework by typing the command “msfupdate” in the terminal.

  2. Do you need Linux to install that?

    1. Evillgoby, I didn’t get your question. If you are talking about the Mercury browser app, it is available in the Play Store.

  3. After I type “exploit”

    Showed:

    Auxiliary failed: Rex: :BindFailed The address is already in use or unavailable: (192.168.1.111:8080)
    call stack:
    …..
    …..

    What must I do?

    1. Try a different port, like 8081 or 9000.

  4. What should we know about the victim’s smartphone, like the IP address, or how can we enforce the victim to install Mercury Browser?

    1. @MAK, there are no fixed steps to do this. Use your creativity.
