CVE-2023-38831 PoC — WinRAR 安全漏洞

Source

https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc

Associated Vulnerability

Title:WinRAR 安全漏洞 (CVE-2023-38831)
Description:WinRAR是一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 RARLabs WinRAR 6.23之前版本存在安全漏洞。攻击者利用该漏洞可以执行任意代码。

Description

CVE-2023-38831 winrar exploit generator and get reverse shell

Readme

# CVE-2023-38831-winrar-expoit-simple-Poc

## Very important
I hope you see this link first [https://github.com/b1tg/CVE-2023-38831-winrar-exploit]

I did not write the full exploit. *He wrote the exploit*. [https://github.com/b1tg]

All he did was modify something simple to get a Reverse Shell through the script.bat file

## How To Run
`python cve-2023-38831-exp-gen.py <file name pdf,png,jpg> <script.bat> <output file name>`

*Don't forget change value ip and port*

use any file pdf , png or jpg 


### POC File .pdf


https://github.com/my-elliot/CVE-2023-38831-winrar-expoit-simple-Poc/assets/64432235/052eac7c-d25f-4873-af68-3bbfbf7e4cce



### POC File .png
*Don't forget change file name in **script.bat***


https://github.com/my-elliot/CVE-2023-38831-winrar-expoit-simple-Poc/assets/64432235/36a8be86-f495-4ee6-a2df-f6b7b77910c0





# Reference

https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html

https://github.com/b1tg/CVE-2023-38831-winrar-exploit

File Snapshot


 [4.0K]  /data/pocs/1dba76b2e2db2e58597dea543d9159cb948e3819
├── [1.5K]  cve-2023-38831-exp-gen.py
├── [1.0K]  README.md
└── [ 926]  script.bat

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!