WinRar ACE exploit CVE-2018-20250

This program is an script developed in Python which exploit the ACE vulnerability on WinRar - Vulnerability CVE-2018-20250

It is based on previous project developed by WyAtu

It is used for educational purposes on Daniel Vispo Blog

How to generate the evil exploit ?

This Python script generates under the folder "./build" an evil ".rar" file which exploits the vulnerability CVE-2018-20250

• Download this GitHub Project
• Install at least Python 3.7 on Windows.
• Execute py ./create_exploit.py
• Inside ./build/ you can find the evil file exploit.rar
• If you want to change the malicious executable, put the file into ./files_to_pack/evil/ and rerun py ./create_exploit.py
• If you want to change the dummy files, put them into ./files_to_pack/others/ and rerun py ./create_exploit.py

How it works the exploit?

If the evil file is located, for example, under /Users/<windows_user>/Downloads or /Users/<windows_user>/Desktop or any other folder located under /Users/<windows_user/, when the user descompress the file with Winrar <= 5.60, the malicious executable will be decompressed under \Users\<windows_user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, which is the Startup folder for this particular <windows_user> in Windows. Next time, when the user login again on Windows, the malicious executable will be executed automatically and pwned!

Happy hacking, Daniel Vispo