H4xl0r/WinRar_ACE_exploit_CVE-2018-20250

WinRar ACE exploit CVE-2018-20250

This program is a Python script that exploits the ACE vulnerability in WinRAR (CVE-2018-20250).

It is based on a previous project developed by WyAtu.

It is used for educational purposes on the Daniel Vispo Blog.

How to generate the evil exploit?

This Python script generates, under the folder "./build", an evil ".rar" file that exploits the vulnerability CVE-2018-20250.

  • Download this GitHub Project
  • Install at least Python 3.7 on Windows.
  • Execute py ./create_exploit.py
  • Inside ./build/ you can find the evil file exploit.rar
  • If you want to change the malicious executable, put the file into ./files_to_pack/evil/ and rerun py ./create_exploit.py
  • If you want to change the dummy files, put them into ./files_to_pack/others/ and rerun py ./create_exploit.py

How does the exploit work?

If the evil file is located, for example, under /Users/<windows_user>/Downloads, /Users/<windows_user>/Desktop, or any other folder under /Users/<windows_user>/, then when the user decompresses it with WinRAR <= 5.60, the malicious executable is written to \Users\<windows_user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, which is the Startup folder for that particular <windows_user> in Windows. The next time the user logs in to Windows, the malicious executable is executed automatically and pwned!
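
A defender-side check for the behaviour described above, as an added example that is not part of this repository: it flags files whose content is ACE while the extension says otherwise, and written paths that resolve into a per-user Startup folder. The signature offset comes from the ACE header layout rather than from this page; the function names and sample file names are assumptions.

```python
import ntpath
import tempfile
from pathlib import Path

# ACE main header: CRC (2 bytes), size (2), type (1), flags (2), then the magic.
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7
STARTUP_SUFFIX = ntpath.normcase(
    r"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup")


def is_ace_archive(path):
    """True if the file content starts with an ACE header, whatever its name."""
    with open(path, "rb") as fh:
        head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC


def is_disguised_ace(path):
    """ACE content behind another extension, such as .rar."""
    return is_ace_archive(path) and Path(path).suffix.lower() != ".ace"


def lands_in_startup(written_path):
    """True if a Windows path resolves directly into a per-user Startup folder."""
    folder = ntpath.dirname(ntpath.normpath(written_path))
    return ntpath.normcase(folder).endswith(STARTUP_SUFFIX)


def demo():
    """Run both checks on constructed samples (header stubs, not real archives)."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp, "invoice.rar")  # constructed: ACE magic, .rar name
        fake.write_bytes(b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16)
        real = Path(tmp, "photos.rar")   # constructed: RAR 4.x signature
        real.write_bytes(b"Rar!\x1a\x07\x00" + b"\x00" * 16)
        archives = (is_disguised_ace(fake), is_disguised_ace(real))
    paths = (
        lands_in_startup(r"C:\Users\alice\Downloads\..\AppData\Roaming\Microsoft"
                         r"\Windows\Start Menu\Programs\Startup\update.exe"),
        lands_in_startup(r"C:\Users\alice\Downloads\report.pdf"),
    )
    return archives, paths


if __name__ == "__main__":
    print(demo())
```

The content check reads only the start of the file, so self-extracting ACE archives are outside its scope.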

Happy hacking, Daniel Vispo
