Exploitation Summary
EIP tracks 18 public exploits for CVE-2024-0044. PoCs published by 0xbinder, canyie, scs-labrat.
AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2024-0044, a local privilege escalation vulnerability in Android 12/13's PackageInstallerService. The exploit manipulates session creation to perform a 'run-as any app' attack, allowing unauthorized data extraction from apps like WhatsApp without root access.
Description
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploits (18)
This repository contains a functional exploit for CVE-2024-0044, a local privilege escalation vulnerability in Android 12/13's PackageInstallerService. The exploit manipulates session creation to perform a 'run-as any app' attack, allowing unauthorized data extraction from apps like WhatsApp without root access.
This repository contains a functional exploit PoC for CVE-2024-0044, a vulnerability in the Android framework allowing arbitrary code execution under the UID of any app. The exploit bypasses the original patch by leveraging an unvalidated `installerPackageName` parameter in the `PackageInstallerService`.
The repository claims to exploit CVE-2024-0044 but lacks functional exploit code, instead providing vague instructions and external references. The README focuses on payload delivery via Metasploit without technical details about the vulnerability itself.
EvilDroid is an automated exploit tool for CVE-2024-0044, targeting Android applications via ADB to install malicious payloads and extract sensitive data. It automates APK installation, payload execution, and data extraction using ADB commands.
This repository contains a functional exploit for CVE-2024-0044, an Android privilege escalation vulnerability that allows arbitrary app sandbox file extraction via newline injection in the 'run-as' command. The script automates the process of installing a malicious APK with a crafted payload to bypass debuggability checks and extract target app data.
This repository contains a functional Python exploit for CVE-2024-0044, a local privilege escalation vulnerability in Android's 'run-as' command. The exploit allows an attacker with ADB access to bypass the Application Sandbox and access private files of any installed application.
This repository contains a functional exploit for CVE-2024-0044, targeting Android applications via ADB. The script automates the process of pushing an APK, generating a payload, and extracting data from a vulnerable application.
This repository contains a functional Bash script that automates the exploitation of CVE-2024-0044, a privilege escalation vulnerability in Android applications via the `run-as` command. The script pushes a malicious APK, extracts the target UID, generates a payload, and guides the user through executing commands in an ADB shell.
This repository contains a functional exploit for CVE-2024-0044, targeting Android applications via ADB. The script automates the process of pushing an APK, generating a payload, and extracting data from the target application.
This repository contains a functional exploit for CVE-2024-0044, which leverages a vulnerability in Android's run-as command to execute arbitrary APKs with the privileges of another application. The exploit automates the process of pushing an APK, generating a payload, and extracting data from the target application's directory.
This repository contains a functional Bash script that exploits CVE-2024-0044, a 'run-as any app' vulnerability in Android 12 and 13. The exploit leverages ADB to install a malicious APK and extract data from a target application by abusing the 'run-as' command with crafted payloads.
This repository contains a functional exploit for CVE-2024-0044, a local privilege escalation vulnerability in Android 12/13's PackageInstallerService. The exploit leverages improper input validation in the createSessionInternal function to perform a 'run-as any app' attack, allowing unauthorized data extraction from applications like WhatsApp, Google Messages, or Contacts.
This repository contains a functional proof-of-concept for CVE-2024-0044, demonstrating a UID bypass vulnerability in Android's run-as command via manipulation of the packages.list file. The exploit includes a simulator for the attack and a detector for identifying related logcat entries.
The repository contains only a generic GitLab README template with no exploit code, technical details, or references to CVE-2024-0044. It appears to be a placeholder or empty project.
This repository contains a functional exploit for CVE-2024-0044, leveraging the 'run-as' vulnerability to bypass permission restrictions on non-rooted Android 12/13 devices. It extracts Google Chrome forensic data by exploiting the package manager to gain unauthorized access to app data directories.
The repository contains functional exploit code for CVE-2024-0044, demonstrating a denial-of-service vulnerability in Android's NotificationManagerService. The PoC leverages the `addAutomaticZenRule` API to exhaust device memory by creating malicious 'Do Not Disturb' rules.
This repository contains a functional exploit for CVE-2024-0044, which leverages a vulnerability in Android's 'run-as' command to forge UID permissions and extract data from targeted applications. The script automates the exploitation process by crafting a malicious payload and using ADB to install it, then extracts the target app's data into a tar archive.
References (7)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H