Share
## https://sploitus.com/exploit?id=83411321-D057-55FD-8B88-79903D15B522
This is a PoC exploit for CVE-2015-3301, a vulnerability in the Stagefright media library that allows for remote code execution on Android devices. The exploit, called Metaphor, is designed to bypass Address Space Layout Randomization (ASLR) and execute arbitrary code on the device.

The exploit consists of a Python script that generates MP4 files that exploit the vulnerability in Stagefright. The script uses a PHP server to serve the exploit files, which are then downloaded and executed by the device's media player.

The exploit targets Nexus 5 devices running Android 5.0.1, and it uses a combination of techniques to bypass ASLR and execute arbitrary code. The exploit includes a gadgets finder module that identifies potential gadgets (small code snippets) in the device's memory, and a leak module that leaks memory addresses to be used by the exploit.

The exploit can be launched using the `metaphor.py` script, which takes several options, including the type of exploit to generate (leak, RCE, or suicide) and the configuration file to use. The script can also be launched using a Visual Studio project file (`metaphor.pyproj`) that includes a set of predefined options.

The exploit has several notable dependencies, including the `p