Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xaitax/winrar-cve-2023-38831

This module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, a script is executed, leading to code execution.
https://github.com/xaitax/winrar-cve-2023-38831

Last synced: 7 days ago
JSON representation

This module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, a script is executed, leading to code execution.

Host: GitHub
URL: https://github.com/xaitax/winrar-cve-2023-38831
Owner: xaitax
Created: 2023-09-03T21:14:05.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2023-09-08T06:15:42.000Z (about 1 year ago)
Last Synced: 2023-09-08T07:28:46.220Z (about 1 year ago)
Language: Ruby
Size: 11.5 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# WinRAR-CVE-2023-38831
This Metasploit module exploits a vulnerability in WinRAR 6.22 (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution.

It is not pretty, but works. 🤷🏻

Alexander Hagenah [@xaitax](https://twitter.com/xaitax)

![](https://github.com/xaitax/WinRAR-CVE-2023-38831/blob/main/winrar_cve-2023-38831.gif?raw=true)

## References

- https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
- https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/