Share
## https://sploitus.com/exploit?id=B15FC25E-F0FA-5E14-B644-277EDC4821FE
# โ ๏ธ CVE-2025-8088 WinRAR Exploit Tool โ ๏ธ
> **[ SYSTEM ACCESS: GRANTED ]**
> **[ TARGET: WINRAR VULNERABILITY ]**
A sophisticated, military-grade GUI tool designed for creating malicious RAR archives that exploit the WinRAR path traversal vulnerability (CVE-2025-8088). This tool leverages advanced NTFS Alternate Data Streams (ADS) and RAR5 header manipulation to bypass security controls.
---
## โก System Capabilities
* **[+] ADS Stealth Technology**: Utilizes NTFS Alternate Data Streams to cloak payloads.
* **[+] Header Injection**: Direct RAR5 header manipulation for precise path traversal.
* **[+] HACKER GUI**: Custom-built **PyQt6** interface with a terminal-style aesthetic.
* **[+] Auto-Persistence**: Automatically targets Windows Startup for persistence.
* **[+] Decoy Ops**: Supports custom decoy files to maintain stealth.
## ๐ ๏ธ System Requirements
* Python 3.8+
* WinRAR CLI (must be in system PATH or default location)
* **PyQt6**
## ๐ Initialization
```bash
# 1. Install required modules
pip install PyQt6
# 2. Launch the exploit console
python gui.py
```
## ๐ Operation Manual
1. **PAYLOAD**: Select your executable payload (`.exe`, `.bat`).
2. **DECOY**: (Optional) Choose a decoy file to distract the target.
3. **TARGET**: Set the fallback username (default: Administrator).
4. **OUTPUT**: Define the name of the malicious archive.
5. **EXECUTE**: Click **INITIATE EXPLOIT BUILD** to generate the artifact.
## โ๏ธ Technical Intel
The tool operates in five phases:
1. **Stream Injection**: Hides payload in ADS.
2. **Archive Construction**: Builds base RAR.
3. **Header Patching**: Modifies headers for traversal (`..\..\`).
4. **Integrity Check**: Recalculates CRC32.
5. **Deployment**: Finalizes the weaponized RAR.
**Target Path**: `..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\`
---
## โ ๏ธ Disclaimer
> **WARNING: AUTHORIZED PERSONNEL ONLY**
>
> This tool is for **EDUCATIONAL PURPOSES** and **AUTHORIZED SECURITY TESTING** only. The author is not responsible for any misuse or damage caused by this program.
---
## ๐จโ๐ป Developer
**Developed by [@XiaoNamdev](https://t.me/XiaoNamdev)**
> *Knowledge is power. Use it wisely.*