## https://sploitus.com/exploit?id=0AEC5CEA-1ACD-55C4-80FC-250F80922CE5
# Amaranth Project
This project implements a multi-stage backdoor implantation attack chain built on **CVE-2025-8088** (WinRAR path traversal vulnerability, versions ≤ 7.11).

Attack chain: Lure document → Malicious RAR → CVE trigger → ADS writing → Stager execution → File loading → C2 launch
## Project Structure
| Directory | Content |
|-----------|----------|
| `Stage01~Stage07/` | Source code and test scripts for each stage |
| `loader/` | Self-developed PE memory loader (C language) |
| `rat-client/` | Self-developed streamlined RAT client (C#) |
| `source/` | Source code for Quasar RAT/AsyncRAT |
| `tools/` | Tools for Quasar C2 server, Donut, etc. |
| `payloads/` | Compiled payload files |
| `poc/` | CVE-2025-8088 exploitation script |
| `side-load/` | DLL side loading experiments |
| `docs/` | Documentation, progress reports, attack process |
| `planning` | Original planning document |
## Acknowledgments
- **Quasar RAT**: Open-source RAT framework (https://github.com/quasar/QuasarRAT). The `source/Quasar-master/` directory contains its original source code; the C2 client is compiled from this source code.
- **AsyncRAT**: Open-source RAT framework (https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp). The `source/AsyncRAT-C-Sharp/` directory contains its original source code.
## Test Environment
| Machine | IP | Role |
|---------|------|------|
| Physical Server | 192.168.30.1 | C2 Server + Attack Machine |
| Win10 VM | 192.168.30.136 | Target Machine (WinRAR 7.11) |
## Security Statement
This project is intended solely for cybersecurity research and educational purposes.