path traversal tool based on cve-2025-8088 # CVE-2025-8088 WinRAR path traversal tool
> **⚠ This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.**
A Python script that exploits CVE-2025-8088, a path traversal vulnerability in WinRAR, by generating a malicious archive that places executable payloads into the Windows startup folder using multiple relative directory levels to ensure reliable execution regardless of the extraction location
# Requirements
- Windows OS
- Python 3.4+
- Pip
- WinRar
# Features
- **Fully customizable decoy files**
- **Deploys payload to Windows startup for persistence**
- **Hides payload using ADS**
- **Patches RAR headers structure for path injection**
- **Ensures archive integrity by regenerating CRC values**
# How it works?
1. Creates decoy files
2. Embeds payload streams using multiple levels of path traversal using ADS
3. Modifies archives structure with ADS
4. CRC recalculation
5. Delivers output to Startup
# Configuration⚙
Configure the config.py file
```python
# Configuration
DECOY_FILE_NAME = "document"
DROP_PATH = "AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\payload.bat"
PAYLOAD = "@echo off\nstart /B C:\Users\Public\file.exe\n"
```
To use your own decoy file, type its full path instead of name.
# Run💨
Run the script:
```shell
python CVE-2025-8088.py
```
The output will appear in the output folder.
# Disclaimer
This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.
登录后查看神龙缓存的 POC 文件快照
登录查看