Good Evening Friends. Today we will drift a little bit from our system hacking and get into mobile hacking. Actually I thought of skipping this howto as it has been a long time since this exploit has been released and I thought developers of Mercury browser may have patched it but recently checked out that the vulnerable version( Mercury v3.2.3) of this Mercury browser is still available for download. So let us see today how to hack Android with Mercury Browser parseuri exploit. Start Metasploit and load the exploit as shown below. Set the required options ( i.e actually we need to set only one option, localhost )
Then type command “exploit” as shown below. A server will start at the localhost as shown below.
Now the only thing we need to do is make the Android users open the above url with Mercury browser. Once the android user opens the link, the exploit will run as shown below.
Now, on your localhost ( attacker machine ), open a browser and type the android user’s IP address as shown below. We got the IP address in the above picture only. As shown below, you can access all the data of our victim.
Given below are the victim’s Whatsapp data.
That’s how we hack Android with the Mercury Browser parse URI exploit. See how to recover deleted messages from Android.