⚠ This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.
A Python script that exploits CVE-2025-8088, a path traversal vulnerability in WinRAR, by generating a malicious archive that places executable payloads into the Windows startup folder using multiple relative directory levels to ensure reliable execution regardless of the extraction location
- Windows OS
- Python 3.4+
- Pip
- WinRar
- Fully customizable decoy files
- Deploys payload to Windows startup for persistence
- Hides payload using ADS
- Patches RAR headers structure for path injection
- Ensures archive integrity by regenerating CRC values
- Creates decoy files
- Embeds payload streams using multiple levels of path traversal using ADS
- Modifies archives structure with ADS
- CRC recalculation
- Delivers output to Startup
Configure the config.py file
# Configuration
DECOY_FILE_NAME = "document"
DROP_PATH = "AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\payload.bat"
PAYLOAD = "@echo off\nstart /B C:\Users\Public\file.exe\n"To use your own decoy file, type its full path instead of name.
Run the script:
python main.pyThe output will appear in the output folder.
This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.
This project does not include exploit-capable logic, malware, or harmful payloads.
Any misuse is strictly prohibited.
By using this repository, you agree to comply with all applicable laws and ethical standards.