Home

Awesome

CVE-2024-0044

Overview

CVE-2024-0044 is a vulnerability discovered in certain Android applications that allows attackers to escalate privileges by exploiting a flaw in the run-as command. This vulnerability can be exploited by crafting a specific payload that grants unauthorized access to application data directories, which should otherwise be inaccessible to the attacker.

Overview

This Bash script automates the exploitation of CVE-2024-0044 by pushing a malicious APK to the target device, extracting the necessary UID, generating a payload, and guiding the user through executing the required commands in an adb shell.

Features

Prerequisites

Execution

  1. Save the Script: Save the Bash script as exploit_cve_2024_0044.sh.
  2. Make the Script Executable: Run the following command to make the script executable:
    chmod +x exploit_cve_2024_0044.sh
    
  3. Usage:
    ./exploit_cve_2024_0044.sh -P <package_name> -A <apk_file_path>
    
    • -P: The package name of the target application.
    • -A: The path to the malicious APK file.