Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-38831 PoC — WinRAR 安全漏洞

Source
https://github.com/s4m98/winrar-cve-2023-38831-poc-gen
Associated Vulnerability
Title:WinRAR 安全漏洞 (CVE-2023-38831)
Description:RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
Description
WinRAR cve-2023-38831-poc-generator
Readme
# CVE-2023-38831 Exploit Generator

This tool is a Python script that exploits a vulnerability in the RAR file format (CVE-2023-38831) to execute a malicious command when a user opens a bait file. The exploit works on WinRAR versions before 6.23. For Example 6.22, 6.21, 6.20 or above.

## Requirements

- Python or python3


## Usage

There are two ways to use this tool:

- To generate a proof-of-concept exploit, run the script with the argument `poc`:

`python .\cve-2023-38831-exp-gen.py poc`

This will create a file named `CVE-2023-38831-poc.rar` that contains a fake PDF file named `CLASSIFIED_DOCUMENTS.pdf` and a batch file named `script.bat`. The batch file will run a simple command to open a calculator when the user opens the PDF file.

- To generate a custom exploit, run the script with three arguments: `<ANY_PDF/PNG/JPG_FILE> <SCRIPT_NAME> <OUTPUT_NAME>`:

`python .\cve-2023-38831-exp-gen.py <ANY_PDF/PNG_FILE> <SCRIPT_NAME> <OUTPUT_NAME>`

`python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf script.bat  poc.rar`

This will create a file named `<OUTPUT_NAME>` that contains a fake file named `<ANY_PDF/PNG/JPG_FILE>` and a batch file named `<SCRIPT_NAME>`. The batch file will run the command that you have written in it when the user opens the fake file.

For example, if you want to create an exploit that contains a fake PNG/JPG file named `cute-cat.png` and a batch file named `script.bat` that runs a PowerShell command to download and execute a malicious payload from a remote server, you can run the script like this:

`python .\cve-2023-38831-exp-gen.py cute-cat.png script.bat evil.rar`

## Disclaimer

This tool is for educational and research purposes only. Do not use it for any illegal or unethical purposes. I do not condone or support any malicious activities. Use it at your own risk and responsibility. I am not responsible for any damage or harm caused by this tool.
File Snapshot

 [4.0K]  /data/pocs/8f099a99f88819b8e76556f8ced5ceae2affcd4f
├── [411K]  CLASSIFIED_DOCUMENTS.pdf
├── [312K]  cute-cat.png
├── [2.2K]  cve-2023-38831-exp-gen.py
├── [1.9K]  README.md
└── [  28]  script.bat

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →