Share
## https://sploitus.com/exploit?id=B15FC25E-F0FA-5E14-B644-277EDC4821FE
# โ˜ ๏ธ CVE-2025-8088 WinRAR Exploit Tool โ˜ ๏ธ

> **[ SYSTEM ACCESS: GRANTED ]**
> **[ TARGET: WINRAR VULNERABILITY ]**

A sophisticated, military-grade GUI tool designed for creating malicious RAR archives that exploit the WinRAR path traversal vulnerability (CVE-2025-8088). This tool leverages advanced NTFS Alternate Data Streams (ADS) and RAR5 header manipulation to bypass security controls.

---

## โšก System Capabilities

*   **[+] ADS Stealth Technology**: Utilizes NTFS Alternate Data Streams to cloak payloads.
*   **[+] Header Injection**: Direct RAR5 header manipulation for precise path traversal.
*   **[+] HACKER GUI**: Custom-built **PyQt6** interface with a terminal-style aesthetic.
*   **[+] Auto-Persistence**: Automatically targets Windows Startup for persistence.
*   **[+] Decoy Ops**: Supports custom decoy files to maintain stealth.

## ๐Ÿ› ๏ธ System Requirements

*   Python 3.8+
*   WinRAR CLI (must be in system PATH or default location)
*   **PyQt6**

## ๐Ÿš€ Initialization

```bash
# 1. Install required modules
pip install PyQt6

# 2. Launch the exploit console
python gui.py
```

## ๐Ÿ’€ Operation Manual

1.  **PAYLOAD**: Select your executable payload (`.exe`, `.bat`).
2.  **DECOY**: (Optional) Choose a decoy file to distract the target.
3.  **TARGET**: Set the fallback username (default: Administrator).
4.  **OUTPUT**: Define the name of the malicious archive.
5.  **EXECUTE**: Click **INITIATE EXPLOIT BUILD** to generate the artifact.

## โš™๏ธ Technical Intel

The tool operates in five phases:
1.  **Stream Injection**: Hides payload in ADS.
2.  **Archive Construction**: Builds base RAR.
3.  **Header Patching**: Modifies headers for traversal (`..\..\`).
4.  **Integrity Check**: Recalculates CRC32.
5.  **Deployment**: Finalizes the weaponized RAR.

**Target Path**: `..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\`

---

## โš ๏ธ Disclaimer

> **WARNING: AUTHORIZED PERSONNEL ONLY**
>
> This tool is for **EDUCATIONAL PURPOSES** and **AUTHORIZED SECURITY TESTING** only. The author is not responsible for any misuse or damage caused by this program.

---

## ๐Ÿ‘จโ€๐Ÿ’ป Developer

**Developed by [@XiaoNamdev](https://t.me/XiaoNamdev)**

> *Knowledge is power. Use it wisely.*