This program is an script developed in Python which exploit the ACE vulnerability on WinRar - Vulnerability CVE-2018-20250
It is based on previous project developed by WyAtu
It is used for educational purposes on Daniel Vispo Blog
This Python script generates under the folder "./build" an evil ".rar" file which exploits the vulnerability CVE-2018-20250
- Download this GitHub Project
- Install at least Python 3.7 on Windows.
- Execute
py ./create_exploit.py - Inside
./build/you can find the evil fileexploit.rar - If you want to change the malicious executable, put the file into
./files_to_pack/evil/and rerunpy ./create_exploit.py - If you want to change the dummy files, put them into
./files_to_pack/others/and rerunpy ./create_exploit.py
If the evil file is located, for example, under /Users/<windows_user>/Downloads or /Users/<windows_user>/Desktop or any other folder located under /Users/<windows_user/, when the user descompress the file with Winrar <= 5.60, the malicious executable will be decompressed under \Users\<windows_user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, which is the Startup folder for this particular <windows_user> in Windows. Next time, when the user login again on Windows, the malicious executable will be executed automatically and pwned!
Happy hacking, Daniel Vispo