CVE-2025-8088 PoC — Path traversal vulnerability in WinRAR

Associated Vulnerability
Title: Path traversal vulnerability in WinRAR (CVE-2025-8088)
Description: A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Description
Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088
Readme
# CVE-2025-8088 WinRAR Exploit

> **Advanced WinRAR Path Traversal Exploit Tool**

A sophisticated GUI tool for creating malicious RAR archives that exploit the WinRAR path traversal vulnerability (CVE-2025-8088) using ADS and RAR5 header manipulation.

## Features

- **ADS Exploitation** - NTFS Alternate Data Streams for payload hiding
- **RAR5 Header Manipulation** - Direct header patching for path injection
- **GUI Interface** - Clean, modern user interface
- **Startup Targeting** - Automatic payload placement in Windows startup
- **Custom Decoy Support** - Use your own decoy files or default

## Requirements

- Python 3.6+
- WinRAR CLI
- customtkinter

## Quick Start

```bash
# Install dependencies
pip install -r requirements.txt

# Run the tool
python gui.py
```

## Usage

1. **Select Payload** - Choose your executable file (.exe, .bat, etc.)
2. **Choose Decoy** - Select a decoy file or leave empty for default
3. **Name Archive** - Enter output RAR filename
4. **Build** - Generate the exploit archive

## How It Works

The tool creates RAR archives with path traversal using:

1. **ADS Creation** - Hides payload in NTFS alternate data streams
2. **RAR Building** - Creates base RAR with ADS using WinRAR CLI
3. **Header Patching** - Injects traversal path into RAR5 headers
4. **CRC Recalculation** - Ensures archive integrity
5. **Output** - Delivers malicious RAR ready for extraction

**Path Example**: `..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\payload.exe`
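
For defenders, the header patching described above leaves the traversal sequence inside a RAR5 file or service header, where it can be found before anything is extracted. The scanner below is an added example, not code from this repository: it walks the blocks of a RAR5 archive following the published RAR 5.0 format and flags file and service headers whose bytes contain `..\` or `../`. The names `scan_rar5`, `entry_name`, `sample_block`, `STREAM` and `SAMPLE` are assumptions made for illustration, and the sample bytes are constructed (zeroed header CRCs, no packed data), so they do not form a usable archive.

```python
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
TRAVERSAL = (b"..\\", b"../")

def read_vint(buf, pos):  # RAR5 vint: 7 data bits per byte, high bit = more bytes follow
    value = shift = 0
    while True:
        value |= (buf[pos] & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if buf[pos - 1] < 0x80:
            return value, pos

def entry_name(buf, p):  # p points at the file-flags vint of a file/service header
    fflags, p = read_vint(buf, p)
    for _ in range(2):                                      # unpacked size, attributes
        p = read_vint(buf, p)[1]
    p += 4 * bool(fflags & 0x02) + 4 * bool(fflags & 0x04)  # optional mtime, data CRC32
    for _ in range(2):                                      # compression info, host OS
        p = read_vint(buf, p)[1]
    length, p = read_vint(buf, p)
    return buf[p:p + length].decode("utf-8", "replace")

def scan_rar5(data):
    """Return (block offset, header kind, entry name) for headers containing a traversal."""
    pos, hits = data.index(RAR5_SIG) + len(RAR5_SIG), []    # ValueError if no signature
    while pos + 6 <= len(data):
        hsize, body = read_vint(data, pos + 4)              # skip 4-byte header CRC32
        end = body + hsize
        htype, p = read_vint(data, body)
        hflags, p = read_vint(data, p)
        p = read_vint(data, p)[1] if hflags & 0x01 else p   # extra area size
        dsize, p = read_vint(data, p) if hflags & 0x02 else (0, p)  # packed data size
        # File (2) and service (3, e.g. "STM") headers: search name and extra area alike.
        if htype in (2, 3) and any(t in data[body:end] for t in TRAVERSAL):
            hits.append((pos, "file" if htype == 2 else "service", entry_name(data, p)))
        if htype == 5:                                      # end-of-archive header
            break
        pos = end + dsize
    return hits

def sample_block(body):  # constructed test data: zeroed header CRC, one-byte header size
    return b"\0\0\0\0" + bytes([len(body)]) + body

STREAM = b":..\\..\\constructed\\note.txt"   # constructed stream name in a type-7 extra record
SAMPLE = (RAR5_SIG + sample_block(b"\x01\x00\x00")                       # main header
          + sample_block(b"\x02\x00" + b"\0" * 5 + b"\x09decoy.txt")     # file header
          + sample_block(b"\x03\x01" + bytes([len(STREAM) + 2]) + b"\0" * 5 + b"\x03STM"
                         + bytes([len(STREAM) + 1]) + b"\x07" + STREAM)  # service header
          + sample_block(b"\x05\x00\x00"))                               # end of archive
```

Relative symlink targets stored in redirection records also contain `../`, so treat hits as triage signals rather than verdicts. Archives with encrypted headers cannot be inspected this way.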

## Disclaimer

This tool is for **educational and authorized testing purposes only**. Use only in controlled environments with proper consent.

## Author

**Made by [@tcixt](https://t.me/tcixt) on Telegram**

---

*Advanced red team tool for CVE-2025-8088 exploitation* 
File Snapshot

```
[4.0K] /data/pocs/a3315cbd2068a682ded052d6522733a6e53a624f
├── [9.2K] exploit_core.py
├── [5.2K] gui.py
├── [4.0K] output
│   └── [ 32] README.md
├── [1.8K] README.md
└── [ 21] requirements.txt

1 directory, 5 files
```