Originally released on February 20th by Check Point Research (https://research.checkpoint.com/extr...n-from-winrar/), this is a logical bug found using the WinAFL fuzzer (https://github.com/googleprojectzero/winafl) and exploited in WinRAR (https://www.win-rar.com/start.html?&L=0) to gain full control over a victim’s computer. The exploit is triggered when the victim extracts an archive, and it puts over 500 million users at risk of infection. This is a 19-year-old exploit that had not surfaced to the public until early 2019.
In this guide we will be teaching you exactly how to exploit a rar archive with whatever contents you want, and whatever payload file you choose.
First you will need to download the exploit from our shop: https://www.0dayexploits.net/product...20250-exploit/. You will also require Python 3.7. Once you have the requirements, create a new directory. Put all of these files into the directory, including the content files of your archive. You will also need to put your payload executable file into the same directory.
Open up “exp.py” in a text editor. Search for “filename_list = ["hello.txt", "world.txt"]”. This is where you will be adding the content files of your archive. As another example, if you want the archive to have the files index.php, page.php and test.php, you could use the following.
filename_list = ["index.php", "page.php", "test.php"]
You will require these files to be in the same directory as “exp.py” for the script to run properly. The next step is to search for “target_filename”. Here you are defining the decompression path, which is where the payload file will be decompressed when the victim extracts the archive. In this example, we are going to decompress into the startup folder; we would suggest using any folder that does not require administrative privileges. At the end of Line 13 (target_filename) you will find “hi.exe”. This is the name of the payload after it has been extracted into the startup folder. You can name this anything you like.
Next you will search for “evil_filename”. Here you will find “calc.exe”, which you can change to whatever name your payload executable has. Make sure this executable is within the directory of your project.
The last step is to save this exp.py file. Using command prompt or terminal, go into the directory you made for this project. Use the command “python exp.py”. This will generate the exploited archive. You may see some warnings for headers, and this is perfectly normal. Test the archive yourself by extracting it and heading to the decompression path to see if your payload has made its way there. The reason you choose the startup folder is that when the victim launches their PC, it will launch your malware.
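The decompression path described above is what an extraction routine or mail gateway has to refuse. The following is an added example, not part of the original guide or of exp.py: it flags archive entry names that would land outside the chosen extraction directory or inside a Windows Startup folder. The function names, the destination directory and the sample entry list are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample values; every name here belongs to this example only.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "hello.txt",
    "world.txt",
    r"..\..\evil.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\hi.exe",
]
STARTUP_MARKER = r"\start menu\programs\startup" + "\\"


def classify_entry(entry_name, dest_dir=DEST):
    """Return the reasons an archive entry name is unsafe to extract."""
    reasons = []
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive:
        reasons.append("drive-or-unc-prefix")
    if rest.startswith("\\"):
        reasons.append("absolute-path")
    if ".." in rest.split("\\"):
        reasons.append("parent-traversal")
    # Resolve the name the way a naive extractor would, then compare
    # the result with the directory the user actually chose.
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
    if resolved != dest and not resolved.startswith(dest + "\\"):
        reasons.append("escapes-destination")
    if STARTUP_MARKER in resolved:
        reasons.append("startup-folder")
    return reasons


def scan(entry_names, dest_dir=DEST):
    """Map each flagged entry name to its reasons; clean names are omitted."""
    flagged = {}
    for entry in entry_names:
        reasons = classify_entry(entry, dest_dir)
        if reasons:
            flagged[entry] = reasons
    return flagged


if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_ENTRIES).items():
        print(entry, "->", ", ".join(reasons))
```

An extractor or gateway that rejects every flagged entry before writing anything to disk never reaches the Startup folder, whatever name the payload is given.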
Happy hacking!