CVE-2025-8088 PoC — WinRAR Security Vulnerability

Source
Associated Vulnerability
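Title: WinRAR Security Vulnerability (CVE-2025-8088)
Description: WinRAR is a file compressor from the company WinRAR. The product supports compressing and decompressing files in RAR, ZIP and other formats. WinRAR contains a security vulnerability that stems from a path traversal issue and may lead to arbitrary code execution.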
Description
Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088
Readme
# CVE-2025-8088 WinRAR Exploit

> **Advanced WinRAR Path Traversal Exploit Tool**

A sophisticated GUI tool for creating malicious RAR archives that exploit the WinRAR path traversal vulnerability (CVE-2025-8088) using ADS and RAR5 header manipulation.

## Features

- **ADS Exploitation** - NTFS Alternate Data Streams for payload hiding
- **RAR5 Header Manipulation** - Direct header patching for path injection  
- **GUI Interface** - Clean, modern user interface
- **Startup Targeting** - Automatic payload placement in Windows startup
- **Custom Decoy Support** - Use your own decoy files or default

## Requirements

- Python 3.6+
- WinRAR CLI
- customtkinter

## Quick Start

```bash
# Install dependencies
pip install -r requirements.txt

# Run the tool
python gui.py
```

## Usage

1. **Select Payload** - Choose your executable file (.exe, .bat, etc.)
2. **Choose Decoy** - Select a decoy file or leave empty for default
3. **Name Archive** - Enter output RAR filename
4. **Build** - Generate the exploit archive

## How It Works

The tool creates RAR archives with path traversal using:

1. **ADS Creation** - Hides payload in NTFS alternate data streams
2. **RAR Building** - Creates base RAR with ADS using WinRAR CLI
3. **Header Patching** - Injects traversal path into RAR5 headers
4. **CRC Recalculation** - Ensures archive integrity
5. **Output** - Delivers malicious RAR ready for extraction

**Path Example**: `..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\payload.exe`
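
A defender-side check for the kind of stored name shown in the path example above, as an added example that is not part of the original README or the tool's code: it audits entry or stream names from an archive listing before anything is extracted. The function names, reason codes, `C:\extract` destination and sample listing are assumptions made for this illustration.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed sample listing; the last name has the shape of the README's path example.
SAMPLE_NAMES = [
    r"docs\report.pdf",
    r"C:\Windows\Temp\x.dll",
    r"decoy.txt:hidden.exe",
    "..\\" * 16 + r"Users\Administrator\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\payload.exe",
]

# Any path below a Startup folder runs at the next logon.
STARTUP = "\\start menu\\programs\\startup\\"


def audit_name(name, dest=r"C:\extract"):
    """Return reason codes explaining why a stored name is unsafe under dest."""
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    reasons = []
    if ".." in norm.split("\\"):
        reasons.append("dotdot")        # parent-directory component
    if drive or rest.startswith("\\"):
        reasons.append("absolute")      # drive-qualified, rooted or UNC
    if ":" in rest:
        reasons.append("ads")           # file:stream names an NTFS alternate data stream
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, norm)))
    if target != root and not target.startswith(root + "\\"):
        reasons.append("escapes-dest")  # resolves outside the extraction folder
    if STARTUP in target:
        reasons.append("startup")       # lands in a Startup folder
    return reasons


def scan(names, dest=r"C:\extract"):
    """Map each flagged name to its reason codes; clean names are omitted."""
    return {n: r for n in names if (r := audit_name(n, dest))}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_NAMES).items():
        print(", ".join(reasons), "<-", name)
```

Any non-empty result is grounds to quarantine the archive rather than extract it.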

## Disclaimer

This tool is for **educational and authorized testing purposes only**. Use only in controlled environments with proper consent.

## Author

**Made by [@tcixt](https://t.me/tcixt) on Telegram**

---

*Advanced red team tool for CVE-2025-8088 exploitation* 
File Snapshot

```
[4.0K] /data/pocs/a3315cbd2068a682ded052d6522733a6e53a624f
├── [9.2K] exploit_core.py
├── [5.2K] gui.py
├── [4.0K] output
│   └── [ 32] README.md
├── [1.8K] README.md
└── [ 21] requirements.txt

1 directory, 5 files
```