CVE-2024-0044 PoC — Google Android Security Vulnerability

Source
Associated Vulnerability
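Title: Google Android Security Vulnerability (CVE-2024-0044)
Description: Google Android is a Linux-based open-source operating system from the US company Google. Google Android contains a security vulnerability that stems from improper input validation in the createSessionInternal method of PackageInstallerService.java, which may allow running as any application.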
Description
Automated Exploit for CVE-2024-0044.
Readme
# EXPLOITER: Automated Exploit for CVE-2024-0044

**EXPLOITER** is a sophisticated tool designed for automated exploitation of CVE-2024-0044 vulnerabilities. This script streamlines the process of exploiting vulnerable Android applications by automating the payload deployment and APK installation.

## Overview

EXPLOITER automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID extraction, payload generation, and real-time progress updates, providing a seamless and professional user experience.

## Features

- **Automated APK Installation**: Pushes and installs the APK file onto the target device.
- **Payload Execution**: Generates and executes payloads based on the application's UID.
- **ADB Device Detection**: Checks for connected ADB devices and verifies connectivity.
- **User-Friendly Interface**: Command-line arguments for easy configuration and execution.

## Prerequisites

- **ADB (Android Debug Bridge)**: Ensure ADB is installed and properly configured on your system.
- **Python 3**: This script is compatible with recent versions of Python 3.

## Installation

1. **Clone the Repository**:

    ```bash
    git clone https://github.com/Athexhacker/EXPLOITER.git
    cd EXPLOITER
    ```

2. **Install Dependencies**:

    Ensure you have Python 3.x installed and then install any required Python packages (if needed):

    ```bash
    pip install -r requirements.txt
    ```

## Usage

1. **Connect Your Device**:

    Make sure your Android device is connected and ADB is properly set up:

    ```bash
    adb devices
    ```

2. **Run the Exploit**:

    Use the following command to start the exploit. Replace `com.whatsapp` with the target package name and provide the path to your APK file:

    ```bash
    python3 EXPLOITER.py -p com.whatsapp -a /path/to/your.apk
    ```

    - `-p, --package`: Target package name (e.g., `com.whatsapp`).
    - `-a, --apk`: Path to the APK file to install.

## Example

```bash
python3 EXPLOITER.py -p com.whatsapp -a /path/to/whatsapp.apk
```

## Acknowledgments

- **CVE-2024-0044**: The vulnerability was discovered by Meta Security.
- In `createSessionInternal` of `PackageInstallerService.java`, there is a possible run-as any app vulnerability due to improper input validation in Android 12 and 13. The vulnerability (CVE-2024-0044) allows an attacker with ADB access to bypass the debuggability check and run code in the context of any non-system-UID app, leading to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

## Disclaimer

This tool is for educational purposes only. The author and contributors are not responsible for any misuse or illegal activities performed using this tool. Use responsibly and only on devices and systems you own or have explicit permission to test.

## Contact

For any issues or questions, please open an issue on the GitHub repository or contact the maintainer at `contact@athexithouse@gmail.com`.

---

**EXPLOITER** - A powerful tool for educational exploitation purposes. Always use responsibly and ensure compliance with local laws and regulations.

---
File Snapshot

[4.0K] /data/pocs/533741bf80b2a6e72ebbf6ca9363485f8c0a1228
├── [7.5K] EXPLOITER.py
├── [3.4K] README.md
└── [ 33] requirements.txt

1 directory, 3 files