Related vulnerability
Title:
Google Android security vulnerability
(CVE-2024-0044)
Description: Google Android is a Linux-based open-source operating system from Google (USA). Google Android has a security vulnerability: the createSessionInternal method in PackageInstallerService.java performs improper input validation, which can allow running as any application.
Description
A vulnerability affecting Android versions 12 and 13.
Introduction
# CVE-2024-0044
## Overview
**CVE-2024-0044** is a local privilege-escalation vulnerability in the Android framework (Android 12 and 13). The `createSessionInternal` method of `PackageInstallerService.java` does not properly validate installer-supplied input, and the result can be abused so that `run-as` treats the attacker's app as any other installed application. An attacker with an `adb` shell on the device can craft a payload that grants access to another application's private data directory, which would otherwise be inaccessible.
## Script overview
This Bash script automates the exploitation of CVE-2024-0044 by pushing a malicious APK to the target device, extracting the necessary UID, generating a payload, and guiding the user through executing the required commands in an `adb` shell.
### Features
- **APK Push**: The script pushes a specified APK to the target device.
- **UID Extraction**: It extracts the UID of the target application.
- **Payload Generation**: Generates a payload designed to exploit the vulnerability.
- **Interactive Execution**: Prompts the user for input at key steps to guide them through the exploitation process.
### Prerequisites
- **ADB (Android Debug Bridge)**: Ensure that `adb` is installed and properly configured on your system.
- **Android Device with `adb` Shell Access**: USB debugging must be enabled so that `adb shell` works. The exploit runs from the unprivileged `shell` user, which can write to `/data/local/tmp` and invoke `run-as`; root is not required, since the vulnerability is a local privilege escalation from that shell user.
### Execution
1. **Save the Script**: Save the Bash script as `exploit_cve_2024_0044.sh`.
2. **Make the Script Executable**: Run the following command to make the script executable:
```bash
chmod +x exploit_cve_2024_0044.sh
```
3. **Usage**:
```bash
./exploit_cve_2024_0044.sh -P <package_name> -A <apk_file_path>
```
- **-P**: The package name of the target application.
- **-A**: The path to the malicious APK file.
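Before running the script, a practitioner would want to confirm that the device is actually in scope. The following pre-flight check is an added example and is not the `exploit.sh` shipped in this snapshot. It assumes `adb` is on `PATH` with exactly one device attached; the function names are my own, the `dumpsys` excerpt is constructed, and the fix patch level `2024-03-01` comes from the March 2024 Android Security Bulletin rather than from the README above.

```shell
#!/bin/sh
# Pre-flight checks for CVE-2024-0044 (added example; not the snapshot's exploit.sh).
# Assumes `adb` is on PATH and exactly one device is attached. Function names are
# my own. FIX_PATCH_LEVEL is taken from the March 2024 Android Security Bulletin.

FIX_PATCH_LEVEL="2024-03-01"   # first security patch level that carries the fix
ADB_SHELL_UID=2000             # uid of the `shell` user that `adb shell` runs as

# Constructed excerpt of `dumpsys package <pkg>` output, used to exercise extract_uid offline.
SAMPLE_DUMPSYS='Packages:
  Package [com.example.victim] (1a2b3c):
    userId=10123
    pkg=Package{1a2b3c com.example.victim}'

# Release strings this page names as affected (ro.build.version.release).
is_affected_release() {
    case "$1" in
        12|13) return 0 ;;
        *)     return 1 ;;
    esac
}

# True when the device's security patch level predates the fix.
# Patch levels are YYYY-MM-DD, so stripping the dashes gives a comparable integer.
# An empty or malformed level is treated as patched (conservative: refuse to run).
is_unpatched() {
    level=$(printf '%s' "$1" | tr -d '-')
    fix=$(printf '%s' "$FIX_PATCH_LEVEL" | tr -d '-')
    case "$level" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$level" -lt "$fix" ]
}

# Pull the target's uid out of `dumpsys package <pkg>` output read from stdin.
# The relevant line looks like "    userId=10123"; only the first match is used.
extract_uid() {
    sed -n 's/^[[:space:]]*userId=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# True when the adb shell is the unprivileged `shell` user, i.e. not already root.
is_shell_user() {
    [ "$1" = "$ADB_SHELL_UID" ]
}

# Query a live device and decide whether the exploit script is worth running.
preflight() {
    pkg="$1"
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    uid=$(adb shell id -u | tr -d '\r')

    if ! is_shell_user "$uid"; then
        echo "adb shell runs as uid $uid, not the shell user ($ADB_SHELL_UID); this bug escalates from shell" >&2
        return 1
    fi
    if ! is_affected_release "$release"; then
        echo "Android $release is not in the affected range (12, 13)" >&2
        return 1
    fi
    if ! is_unpatched "$patch"; then
        echo "security patch level '$patch' already includes the fix ($FIX_PATCH_LEVEL)" >&2
        return 1
    fi
    target_uid=$(adb shell dumpsys package "$pkg" | tr -d '\r' | extract_uid)
    if [ -z "$target_uid" ]; then
        echo "package $pkg not found on device" >&2
        return 1
    fi
    echo "device looks in scope: Android $release, patch $patch, $pkg uid=$target_uid"
}

# Usage: ./preflight.sh <package_name>
if [ $# -eq 1 ]; then
    preflight "$1"
fi
```

Run it as `./preflight.sh com.example.victim` before the exploit script; a non-zero exit means the device is out of scope (already patched, wrong release, target package missing) or the shell is already root, in which case there is nothing for this bug to escalate. The same `userId=` parsing is what a UID-extraction step needs, so it can be reused verbatim in place of ad-hoc `grep` calls.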
File snapshot
[4.0K] /data/pocs/1fada3c290262c5871cdb2ea0fe40c8ceee417c8
├── [4.5K] exploit.sh
└── [1.7K] README.md
0 directories, 2 files
Note: the snapshot ships the script as `exploit.sh`, while the README above saves it as `exploit_cve_2024_0044.sh`; use whichever name you saved it under in the `chmod` and usage commands.
Notes
1. Prefer accessing the PoC through its original source.
2. If the source is gone or unreachable, e-mail f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 (Shenlong) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.