wyatu / cve-2018-20250
exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
Thanks for the source. I tested with WinRAR version 5.61 and it worked, but after the update to 5.70 you will get the error msg "winrar corrupted or damaged".
question in title
Using WinRAR version 4.20. Running the generated RAR file on Windows 10 x64 1809 results in this error when opening/extracting the archive.
"Cannot create C:\C:C:..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\payload.exe"
https://gyazo.com/43f7e4e8a786a78bd0035275f07053ed
When I extract the rar I get this
[*] Start to generate the archive file best.rar...
Traceback (most recent call last):
  File "C:\Users\Uncle Tom\Desktop\hack-winrar\exp.py", line 114, in <module>
    build_file_once(filename_list[i])
  File "C:\Users\Uncle Tom\Desktop\hack-winrar\exp.py", line 102, in build_file_once
    build_file_add(shellcode, rar_filename)
  File "C:\Users\Uncle Tom\Desktop\hack-winrar\exp.py", line 98, in build_file_add
    f.write(binascii.a2b_hex(shellcode.upper()))
TypeError: Non-hexadecimal digit found
Using Windows OS
test.rar: CorruptedArchiveError: header CRC failed
test.rar: CorruptedArchiveError: header CRC failed
test.rar: CorruptedArchiveError: header CRC failed
[+] Evil archive file test.rar generated successfully
Hi,
When I run exp.py, this error is shown:
C:\Users\05\Desktop\New folder\CVE-2018-20250-master>py -3 exp.py
[*] Start to generate the archive file test.rar...
Traceback (most recent call last):
  File "exp.py", line 111, in <module>
    build_file(shellcode_head, rar_filename)
  File "exp.py", line 93, in build_file
    with open(filename, "wb") as f:
FileNotFoundError: [Errno 2] No such file or directory: 'test.rar'
When I run your script, this error is shown:
F:\test winrar\37>python exp.py
[*] Start to generate the archive file test.rar...
Unable to create process using '"C:\Program Files\Python37\python.exe" acefile.py --headers test.rar'
Traceback (most recent call last):
  File "exp.py", line 114, in <module>
    build_file_once(filename_list[i])
  File "exp.py", line 103, in build_file_once
    shellcode_new = modify_hdr_crc(shellcode, rar_filename)
  File "exp.py", line 58, in modify_hdr_crc
    hdr_crc_raw = get_right_hdr_crc(filename)
  File "exp.py", line 54, in get_right_hdr_crc
    right_hdr_crc = result[0].upper()
IndexError: list index out of range
It's not that simple. One thing to mention about this script is that the victim should extract the zip file on the Desktop so that, through "../", the zip can access the AppData inside of %USERNAME% without knowing the actual username!
So what if it is extracted anywhere else? How could a zip file access the username for extraction?
I fixed the problem that I faced.
question in the title :)
ERROR on Python 3.70 test.rar: CorruptedArchiveError: header CRC failed. What's header reg?
[*] Start to generate the archive file test.rar...
Traceback (most recent call last):
  File "exp.py", line 111, in <module>
    build_file(shellcode_head, rar_filename)
  File "exp.py", line 94, in build_file
    f.write(binascii.a2b_hex(shellcode.upper()))
OSError: [Errno 9] Bad file descriptor
Any help to fix that Error?
When unpacking, hi.exe is unpacked by creating another copy of the AppData folder on the desktop. Must be "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup". It turns out "C:\Users\user\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
WinRar 5.61 release.
[*] Start to generate the archive file Tet.rar...
'py' is not recognized as an internal or external command, operable program or batch file.
Traceback (most recent call last):
  File "exp.py", line 114, in <module>
    build_file_once(filename_list[i])
  File "exp.py", line 103, in build_file_once
    shellcode_new = modify_hdr_crc(shellcode, rar_filename)
  File "exp.py", line 58, in modify_hdr_crc
    hdr_crc_raw = get_right_hdr_crc(filename)
  File "exp.py", line 54, in get_right_hdr_crc
    right_hdr_crc = result[0].upper()
IndexError: list index out of range
Is it meant to create an AppData folder as C:/AppData?