nomisec
WORKING POC
788 stars
by b1tg · client-side
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
This repository contains a functional exploit generator for CVE-2023-38831, a WinRAR vulnerability that allows arbitrary code execution via crafted archive files. The script creates a malicious RAR archive that exploits the vulnerability by manipulating file extensions and directory structures.
Classification
Working Poc 95%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
WinRAR version <= 6.22 · Victim interaction to open the malicious archive
nomisec
WORKING POC
129 stars
by Garck3h · client-side
https://github.com/Garck3h/cve-2023-38831
This Go-based tool generates a malicious ZIP file exploiting CVE-2023-38831 in WinRAR by manipulating file extensions and embedding a payload. It creates a crafted archive that, when extracted, executes arbitrary commands due to improper path sanitization.
Classification
Working Poc 95%
Target:
WinRAR <6.23
No auth needed
Prerequisites:
Victim must extract the crafted ZIP file using vulnerable WinRAR version
nomisec
WORKING POC
115 stars
by ignis-sec · client-side
https://github.com/ignis-sec/CVE-2023-38831-RaRCE
This repository contains a functional exploit generator for CVE-2023-38831, which leverages a path traversal vulnerability in WinRAR to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The tool creates a malicious archive that replaces the benign file with a payload upon double-click.
Classification
Working Poc 95%
Target:
WinRAR versions before 6.23
No auth needed
Prerequisites:
A benign file to use as bait · A payload file to execute
nomisec
WORKING POC
94 stars
by BoredHackerBlog · client-side
https://github.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc
This repository provides a lazy proof-of-concept for CVE-2023-38831, a WinRAR vulnerability. It includes a modified RAR file and instructions to create a malicious file named 'ReadMe.txt .cmd' to exploit the vulnerability.
Classification
Working Poc 90%
Target:
WinRAR 5.91.0
No auth needed
Prerequisites:
WinRAR 5.91.0 installed · User interaction to open the malicious RAR file
nomisec
WORKING POC
89 stars
by HDCE-inc · client-side
https://github.com/HDCE-inc/CVE-2023-38831
The repository contains a functional exploit for CVE-2023-38831, which leverages a vulnerability in WinRAR's handling of ZIP archives with similarly named files and folders to achieve arbitrary code execution. The exploit generates a malicious RAR file by embedding a script in a folder with a name similar to a benign file, tricking users into executing the script when accessing the benign file.
Classification
Working Poc 95%
Target:
WinRAR versions before 6.23
No auth needed
Prerequisites:
Benign file (e.g., PDF) and a script file (e.g., CMD) to embed in the archive
nomisec
WRITEUP
40 stars
by knight0x07 · poc
https://github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831
This repository provides a detailed technical overview of CVE-2023-38831, a WinRAR code execution vulnerability. It explains the exploit mechanism involving a weaponized ZIP archive with specific file naming conventions and includes process tree analysis for detection purposes.
Classification
Writeup 90%
Target:
WinRAR (vulnerable versions)
No auth needed
Prerequisites:
Vulnerable version of WinRAR · Specially crafted ZIP archive with specific file naming conventions
nomisec
WORKING POC
22 stars
by Maalfer · client-side
https://github.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE
This repository contains a functional exploit for CVE-2023-38831, a WinRAR vulnerability, which generates a malicious RAR archive to achieve remote code execution (RCE) via a reverse shell. The exploit leverages the 'rarce' tool to create a bait file that, when executed, triggers a PowerShell reverse shell payload.
Classification
Working Poc 95%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Victim must open the malicious RAR archive and execute the bait file · Attacker must have a listener (e.g., netcat) set up to receive the reverse shell
nomisec
WORKING POC
15 stars
by xaitax · client-side
https://github.com/xaitax/WinRAR-CVE-2023-38831
This repository contains a functional Metasploit module that exploits CVE-2023-38831 in WinRAR 6.22. The exploit crafts a malicious RAR file embedding a decoy document and a payload, which executes when the user opens the decoy.
Classification
Working Poc 100%
Target:
WinRAR 6.22
No auth needed
Prerequisites:
Metasploit framework · decoy file (PDF, JPG, etc.)
nomisec
WORKING POC
13 stars
by MorDavid · client-side
https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC
This repository contains a functional exploit generator for CVE-2023-38831, which leverages a directory traversal vulnerability in WinRAR to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The script automates the creation of a malicious ZIP file by embedding a payload and bait file, exploiting the way WinRAR processes folder names with the same name as the benign file.
Classification
Working Poc 95%
Target:
WinRAR before 6.23
No auth needed
Prerequisites:
A benign bait file (e.g., PDF) · A payload file (e.g., CMD, BAT, or EXE) · A URL to fetch additional payloads
nomisec
WORKING POC
11 stars
by ahmed-fa7im · poc
https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc
This repository contains a functional exploit for CVE-2023-38831, a WinRAR vulnerability that allows arbitrary code execution via crafted archive files. The script generates a malicious RAR file that exploits the vulnerability by embedding a batch script disguised as a legitimate file extension.
Classification
Working Poc 95%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
Victim must open the malicious RAR file · WinRAR must be installed on the victim's system
nomisec
WORKING POC
10 stars
by youmulijiang · client-side
https://github.com/youmulijiang/evil-winrar
This repository contains a functional exploit framework for CVE-2023-38831, a WinRAR vulnerability, which includes payload generation, email sending, and HTTP server functionality for social engineering attacks. The code demonstrates the ability to craft malicious RAR archives that exploit the vulnerability.
Classification
Working Poc 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Victim interaction to open malicious RAR file · Python environment for exploit generation
nomisec
WORKING POC
9 stars
by Malwareman007 · client-side
https://github.com/Malwareman007/CVE-2023-38831
This Python script generates a 'bait and switch' archive by embedding a malicious script within a seemingly legitimate file, exploiting CVE-2023-38831. It manipulates ZIP archive contents to disguise the malicious payload, which can be executed upon extraction.
Classification
Working Poc 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
WinRAR installation vulnerable to CVE-2023-38831 · User interaction to extract and open the archive
nomisec
WORKING POC
6 stars
by z3r0sw0rd · client-side
https://github.com/z3r0sw0rd/CVE-2023-38831-PoC
This repository contains a functional PoC for CVE-2023-38831, a WinRAR vulnerability allowing arbitrary code execution via a crafted ZIP archive with a benign file and a folder of the same name. The PoC generates a malicious ZIP file that exploits the vulnerability when the benign file is accessed.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Vulnerable WinRAR version (< 6.23) · Benign file (e.g., .jpg, .png, .pdf) · Malicious script (e.g., .bat)
nomisec
WORKING POC
4 stars
by xk-mt · client-side
https://github.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial
This repository contains a functional exploit PoC for CVE-2023-38831, a WinRAR vulnerability that allows arbitrary code execution via a crafted ZIP archive. The Python script generates a malicious archive that exploits the vulnerability by manipulating file extensions and directory structures.
Classification
Working Poc 90%
Target:
WinRAR <6.23 or WinRAR <=6.22
No auth needed
Prerequisites:
Python environment · WinRAR vulnerable version installed on target system
nomisec
WORKING POC
4 stars
by UnHackerEnCapital · client-side
https://github.com/UnHackerEnCapital/PDFernetRemotelo
This repository contains a functional exploit PoC that chains CVE-2024-4367 (PDF-based RCE) and CVE-2023-38831 (WinRAR path traversal) to achieve remote command execution via a malicious PDF and RAR archive. The script generates a malicious PDF that triggers a download of a crafted RAR file, which executes a reverse shell when extracted.
Classification
Working Poc 95%
Target:
Firefox < 126, WinRAR < 6.23
No auth needed
Prerequisites:
Victim must open the malicious PDF in a vulnerable version of Firefox · Victim must extract the crafted RAR file using a vulnerable version of WinRAR · Attacker must host the malicious files on a reachable server
nomisec
WRITEUP
4 stars
by PascalAsch · poc
https://github.com/PascalAsch/CVE-2023-38831-KQL
This repository provides a detailed technical analysis and KQL query for detecting CVE-2023-38831, a WinRAR file extension spoofing vulnerability. It includes detection logic, IOCs, and references to external PoC tools but does not contain functional exploit code.
Classification
Writeup 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Victim interaction to open a malicious archive · WinRAR installed on the target system
nomisec
WORKING POC
3 stars
by ameerpornillos · client-side
https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit
This PoC exploits CVE-2023-38831 in WinRAR by crafting a malicious RAR archive that leverages a directory traversal vulnerability to execute arbitrary commands when the archive is opened. The script manipulates file extensions and directory structures to bypass WinRAR's security checks.
Classification
Working Poc 95%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
WinRAR installed on the target system · User interaction to open the malicious archive
nomisec
WORKING POC
3 stars
by Mich-ele · client-side
https://github.com/Mich-ele/CVE-2023-38831-winrar
This repository contains a functional exploit builder for CVE-2023-38831, a WinRAR vulnerability affecting versions before 6.23. The Rust-based tool automates the creation of a malicious RAR archive by embedding a script file and manipulating file extensions to trigger the vulnerability.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Victim interaction to open the malicious RAR file · Script file (e.g., CMD) to embed in the archive
nomisec
WORKING POC
3 stars
by akhomlyuk · client-side
https://github.com/akhomlyuk/cve-2023-38831
This repository contains a functional exploit for CVE-2023-38831, a vulnerability in WinRAR <= 6.22 that allows arbitrary code execution via a crafted archive. The PoC script generates a malicious ZIP file that exploits the vulnerability by manipulating file extensions and directory structures.
Classification
Working Poc 95%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
A legitimate file (e.g., PDF, PNG) and a payload file (e.g., batch script)
nomisec
WORKING POC
3 stars
by malvika-thakur · dos
https://github.com/malvika-thakur/CVE-2023-38831
This repository contains a functional PoC for CVE-2023-38831, a WinRAR vulnerability that allows arbitrary code execution by exploiting how WinRAR processes ZIP archives with a benign file and a folder of the same name. The PoC generates a malicious ZIP archive that, when opened, executes a script when the user attempts to access the benign file.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Vulnerable version of WinRAR installed · Benign file (e.g., .jpg, .png, .pdf) · Malicious script (e.g., .bat)
nomisec
WORKING POC
2 stars
by kuyrathdaro · local
https://github.com/kuyrathdaro/cve-2023-38831
This repository contains a functional Python script that exploits CVE-2023-38831 in WinRAR versions < 6.23 by crafting a malicious RAR archive (ZIP with .rar extension) that executes a payload when a user opens the archive and interacts with a decoy file.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Vulnerable WinRAR version (< 6.23) · User interaction (opening archive and clicking decoy file)
nomisec
WORKING POC
2 stars
by r1yaz · client-side
https://github.com/r1yaz/winDED
This repository contains a functional Python exploit for CVE-2023-38831, which leverages WinRAR's improper handling of file extensions in ZIP archives to achieve arbitrary code execution. The exploit crafts a malicious archive that, when extracted, executes a batch script disguised as a PDF file due to a logic flaw in WinRAR's extraction process.
Classification
Working Poc 95%
Target:
WinRAR version 6.21.0
No auth needed
Prerequisites:
WinRAR version 6.21.0 installed on the target system · Victim interaction to open the malicious archive and click the disguised file
nomisec
WORKING POC
2 stars
by MaorBuskila · poc
https://github.com/MaorBuskila/Windows-X64-RAT
This repository contains a Python script that dynamically generates PIC (Position Independent Code) null-free Windows x64 TCP reverse shell shellcode. The script uses the Keystone engine for assembly and provides options to output shellcode in various formats (Python, C, C#, PowerShell).
Classification
Working Poc 95%
Target:
Windows x64 systems (tested on Windows 11, Windows Server 2022, Windows Server 2019)
No auth needed
Prerequisites:
Keystone engine for assembly · Network connectivity to attacker-controlled IP and port
nomisec
WORKING POC
2 stars
by RonF98 · client-side
https://github.com/RonF98/CVE-2023-38831-POC
The repository contains a functional Python script that exploits CVE-2023-38831 in WinRAR versions prior to 6.23 by crafting a malicious RAR archive with ambiguous filenames, leading to arbitrary code execution when the decoy file is opened.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Victim must open the malicious RAR archive and interact with the decoy file
nomisec
SCANNER
2 stars
by IR-HuntGuardians · poc
https://github.com/IR-HuntGuardians/CVE-2023-38831-HUNT
This PowerShell script scans the TEMP directory for WinRAR-related folders and checks for suspicious file pairs (e.g., .cmd, .ps1, .bat) that may indicate exploitation of CVE-2023-38831. It does not exploit the vulnerability but detects potential signs of exploitation.
Classification
Scanner 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Access to the system's TEMP directory · WinRAR exploitation artifacts present
nomisec
WORKING POC
1 star
by ruycr4ft · client-side
https://github.com/ruycr4ft/CVE-2023-38831
This repository contains a functional PoC exploit for CVE-2023-38831, which leverages a vulnerability in WinRAR to achieve arbitrary code execution via a crafted RAR file. The exploit manipulates file names and structures to bypass security checks and execute a malicious script.
Classification
Working Poc 90%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
WinRAR installed on target system · User interaction to open the malicious RAR file
nomisec
WORKING POC
1 star
by technicalcorp0 · client-side
https://github.com/technicalcorp0/CVE-2023-38831-Exploit
This repository contains a functional Python script that generates a malicious RAR archive exploiting CVE-2023-38831 in WinRAR versions prior to 6.23. The exploit leverages a naming collision between a benign file and a malicious folder to execute arbitrary code when the victim opens the archive.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Python 3.x · WinRAR < 6.23 installed on victim machine · Bait file (e.g., PDF) and payload file (e.g., .bat, .exe, or .pdf)
nomisec
WORKING POC
1 star
by Ben1B3astt · poc
https://github.com/Ben1B3astt/CVE-2023-38831_ReverseShell_Winrar
This repository contains a functional exploit for CVE-2023-38831, which leverages a vulnerability in WinRAR to generate a malicious RAR archive. The exploit creates a deceptive PDF file that, when opened, executes a reverse shell via a hidden batch script.
Classification
Working Poc 95%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Python environment · WinRAR installed on target system · Network connectivity for reverse shell
nomisec
WORKING POC
1 star
by s4m98 · client-side
https://github.com/s4m98/winrar-cve-2023-38831-poc-gen
This repository contains a Python script that generates a malicious RAR archive exploiting CVE-2023-38831, a vulnerability in WinRAR's handling of file extensions. The exploit creates a bait file (e.g., PDF) and a hidden batch script that executes arbitrary commands when the user opens the bait file.
Classification
Working Poc 95%
Target:
WinRAR versions before 6.23
No auth needed
Prerequisites:
Python installed · WinRAR version < 6.23
nomisec
WORKING POC
1 star
by SpamixOfficial · client-side
https://github.com/SpamixOfficial/CVE-2023-38831
This repository contains a functional exploit for CVE-2023-38831, which leverages a directory traversal vulnerability in WinRAR to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The exploit creates a malicious ZIP archive with a benign file and a folder of the same name, embedding executable content within the folder.
Classification
Working Poc 95%
Target:
WinRAR versions prior to 6.23
No auth needed
Prerequisites:
Victim must open the malicious ZIP archive in WinRAR · Victim must attempt to view the benign file within the archive
nomisec
SCANNER
1 star
by yezzfusl · poc
https://github.com/yezzfusl/cve_2023_38831_scanner
This repository contains a comprehensive scanner for detecting CVE-2023-38831 in WinRAR installations. It employs multiple detection methods including file integrity checks, memory scanning, network analysis, and sandbox execution, but does not include exploit code.
Classification
Scanner 95%
Target:
WinRAR
No auth needed
Prerequisites:
Access to the target system · WinRAR installation
nomisec
WORKING POC
by VictoriousKnight · client-side
https://github.com/VictoriousKnight/CVE-2023-38831_Exploit
This repository contains a functional Python-based exploit for CVE-2023-38831, which leverages a vulnerability in WinRAR's file-processing mechanisms to execute a reverse shell payload via a crafted RAR file. The exploit automates the creation of a malicious RAR archive with embedded VBScript and Python payloads.
Classification
Working Poc 95%
Target:
WinRAR 6.2 and below
No auth needed
Prerequisites:
Python 3.6+ · WinRAR 6.2 or below · Bait file (e.g., PDF or image) · Malicious Python script (e.g., reverse shell)
nomisec
WORKING POC
by ngothienan · poc
https://github.com/ngothienan/CVE-2023-38831
This repository contains a functional exploit for CVE-2023-38831, which involves crafting a malicious RAR archive to execute arbitrary commands when extracted. The exploit includes a generator script to create the malicious archive and a keylogger payload.
Classification
Working Poc 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
WinRAR installation vulnerable to CVE-2023-38831 · Victim interaction to extract the malicious archive
nomisec
WORKING POC
by idkwastaken · client-side
https://github.com/idkwastaken/CVE-2023-38831
This repository contains functional exploit code for CVE-2023-38831, a WinRAR vulnerability that allows arbitrary code execution via a crafted ZIP file. The exploit creates a ZIP with a malicious script disguised as a PDF, leveraging the vulnerability in WinRAR versions <= 6.22.
Classification
Working Poc 95%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
Victim must open the crafted ZIP file in a vulnerable version of WinRAR
nomisec
SUSPICIOUS
by Nielk74 · poc
https://github.com/Nielk74/CVE-2023-38831
The repository lacks functional exploit code for CVE-2023-38831 and instead provides a generic Chocolatey installation script with no direct relation to the vulnerability. The README is minimal and does not include technical details or proof-of-concept exploit code.
Classification
Suspicious 90%
Target:
Chocolatey
No auth needed
Prerequisites:
None specified
nomisec
WORKING POC
by kehrijksen · client-side
https://github.com/kehrijksen/CVE-2023-38831
This repository contains a functional exploit PoC for CVE-2023-38831, an RCE vulnerability in WinRAR versions prior to 6.23. The exploit crafts a malicious ZIP archive that leverages directory traversal and file extension manipulation to execute arbitrary commands when the archive is opened.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Vulnerable version of WinRAR installed · Ability to deliver the malicious ZIP archive to the target
nomisec
WORKING POC
by Fa1c0n35 · client-side
https://github.com/Fa1c0n35/CVE-2023-38831-winrar-exploit
The repository contains a functional exploit generator for CVE-2023-38831, a WinRAR vulnerability. The Python script creates a malicious RAR archive that exploits a path traversal flaw to execute arbitrary scripts when the archive is opened.
Classification
Working Poc 95%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
WinRAR version <= 6.22 · Victim interaction to open the malicious RAR archive
github
SUSPICIOUS
by DanukaNuwan · poc
https://github.com/DanukaNuwan/CVE-Exploits/tree/main/CVE-2023-38831.pdf
The repository contains no actual exploit code or technical details, only links to external resources (tryhackme.com). This is a common social engineering tactic to lure researchers into visiting external sites.
Classification
Suspicious 90%
Target:
unknown
No auth needed
Prerequisites:
none
nomisec
WRITEUP
by h3xecute · poc
https://github.com/h3xecute/SideCopy-Exploits-CVE-2023-38831
The repository provides a technical description of CVE-2023-38831, a WinRAR RCE vulnerability exploitable via malicious archives containing a benign file and a folder with the same name. It includes a PoC video link but lacks actual exploit code or in-depth technical analysis.
Classification
Writeup 80%
Target:
WinRAR versions prior to 6.23
No auth needed
Prerequisites:
Victim must open a malicious RAR archive with WinRAR < 6.23
nomisec
WORKING POC
by an040702 · client-side
https://github.com/an040702/CVE-2023-38831
This repository contains a functional exploit for CVE-2023-38831, which involves generating a malicious RAR archive that exploits a vulnerability in WinRAR to execute arbitrary code. The exploit includes a keylogger payload and a client-server setup for exfiltrating logs.
Classification
Working Poc 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Victim must open the malicious RAR archive · Python environment to generate the exploit
nomisec
WRITEUP
by ra3edAJ · poc
https://github.com/ra3edAJ/LAB-DFIR-cve-2023-38831
This repository provides a detailed analysis and solution for a DFIR (Digital Forensics and Incident Response) lab simulating a CVE-2023-38831 attack. It includes explanations of Windows registry, NTFS files, browser cache, and Windows function sequences, but does not contain actual exploit code.
Classification
Writeup 90%
Target:
Windows (specific version not specified)
No auth needed
Prerequisites:
Access to a disk image for forensic analysis
nomisec
WORKING POC
by khanhtranngoccva · poc
https://github.com/khanhtranngoccva/cve-2023-38831-poc
This PoC generates a malicious ZIP archive exploiting CVE-2023-38831 by embedding a crafted file path to bypass security checks. The exploit leverages a path traversal vulnerability in WinRAR to execute arbitrary commands via a disguised payload.
Classification
Working Poc 90%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
Victim must extract the malicious ZIP file using WinRAR
nomisec
WORKING POC
by ML-K-eng · poc
https://github.com/ML-K-eng/CVE-2023-38831-Exploit-and-Detection
The repository contains a functional Python script that exploits CVE-2023-38831 in WinRAR by crafting a malicious ZIP/RAR archive. The exploit leverages file path manipulation to achieve arbitrary code execution when the archive is extracted.
Classification
Working Poc 90%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
Presence of WinRAR vulnerable version · User interaction to extract the malicious archive
nomisec
WRITEUP
by Tolu12wani · poc
https://github.com/Tolu12wani/Demonstration-of-CVE-2023-38831-via-Reverse-Shell-Execution
This repository provides a PDF summary and screenshots demonstrating CVE-2023-38831, which involves embedding and executing malicious payloads in compressed files to trigger a reverse shell. It is a documentation-focused writeup without executable code.
Classification
Writeup 90%
Target:
Unknown (not specified in the provided content)
No auth needed
Prerequisites:
Access to a vulnerable system · Ability to deliver a malicious compressed file
nomisec
WORKING POC
by thegr1ffyn · client-side
https://github.com/thegr1ffyn/CVE-2023-38831
This repository contains a functional exploit generator for CVE-2023-38831, which leverages a vulnerability in WinRAR <= 6.22. The exploit creates a maliciously crafted RAR archive that can execute arbitrary code when extracted by a victim.
Classification
Working Poc 90%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
Victim must extract the malicious RAR archive · Presence of a bait file and a script file (e.g., payload.bat)
nomisec
WORKING POC
by sudo-py-dev · poc
https://github.com/sudo-py-dev/CVE-2023-38831
This repository contains a functional exploit for CVE-2023-38831, a vulnerability in WinRAR versions <= 6.22. The exploit manipulates ZIP archive content to trigger arbitrary code execution by crafting malicious file paths and extensions.
Classification
Working Poc 90%
Target:
WinRAR <= 6.22
No auth needed
Prerequisites:
Victim must extract the malicious ZIP archive using WinRAR
nomisec
WORKING POC
by ouoxii · poc
https://github.com/ouoxii/Software-Testing-Final-Project
This repository contains a functional ZIP file fuzzing tool designed to generate malicious ZIP archives with various fuzzing vectors (e.g., path traversal, buffer overflow, format strings) to test for CVE-2023-38831. The tool includes both a generator for creating test cases and a validator for detecting suspicious ZIP file patterns.
Classification
Working Poc 90%
Target:
ZIP file parsers (e.g., WinRAR, other archive utilities)
No auth needed
Prerequisites:
Python 3.6+ · numpy · target system with vulnerable ZIP parser
nomisec
WRITEUP
by mishra0230 · poc
https://github.com/mishra0230/CVE-2023-38831
This repository provides detection logic and technical analysis for CVE-2023-38831, a WinRAR ZIP file spoofing vulnerability. It includes PowerShell and Python scripts for ETW tracing and API monitoring, along with detailed behavioral and attack flow summaries.
Classification
Writeup 90%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
Vulnerable version of WinRAR (< 6.23) · User interaction to open malicious ZIP
nomisec
WORKING POC
by anelya0333 · poc
https://github.com/anelya0333/Exploiting-CVE-2023-38831
This PoC exploits CVE-2023-38831 by crafting a malicious RAR archive that manipulates file extensions to execute arbitrary scripts when opened in WinRAR. The script automates the creation of a deceptive archive structure to trigger the vulnerability.
Classification
Working Poc 95%
Target:
WinRAR versions prior to 6.23
No auth needed
Prerequisites:
A decoy file (e.g., PDF) · A malicious script (e.g., CMD/BAT) · Victim interaction to open the archive in WinRAR
nomisec
WORKING POC
by GOTonyGO · client-side
https://github.com/GOTonyGO/CVE-2023-38831-winrar
This repository contains a functional exploit builder for CVE-2023-38831, which affects WinRAR versions before 6.23. The script automates the creation of a malicious RAR archive that exploits a directory traversal vulnerability to execute arbitrary commands when the archive is opened.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
A target file to disguise the exploit · A script file to execute upon exploitation
nomisec
SUSPICIOUS
by MyStuffYT · client-side
https://github.com/MyStuffYT/CVE-2023-38831-POC
The repository claims to be a PoC for CVE-2023-38831 but only contains a GUI with buttons linking to external sites (CVE details and WinRAR update page). No actual exploit code or technical details are provided.
Classification
Suspicious 90%
Target:
WinRAR (unspecified version)
No auth needed
Prerequisites:
None
nomisec
WORKING POC
by sh770 · poc
https://github.com/sh770/CVE-2023-38831
This repository contains a functional exploit for CVE-2023-38831, a WinRAR vulnerability affecting versions 6.22 and below. The PoC creates a maliciously crafted ZIP archive that exploits a path traversal issue to execute arbitrary commands when the archive is extracted.
Classification
Working Poc 90%
Target:
WinRAR 6.22 and below
No auth needed
Prerequisites:
Python environment · WinRAR 6.22 or below installed on target system
nomisec
WORKING POC
by RomainBayle08 · client-side
https://github.com/RomainBayle08/CVE-2023-38831
This script generates a malicious RAR archive exploiting CVE-2023-38831 by manipulating file extensions to bypass security checks. It creates a deceptive archive structure that can execute arbitrary commands when extracted.
Classification
Working Poc 90%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
WinRAR installed on target system · User interaction to extract the archive
nomisec
WORKING POC
by imbyter · client-side
https://github.com/imbyter/imbyter-WinRAR_CVE-2023-38831
The repository contains a functional Python script (`make-poc.py`) that generates a malicious RAR archive exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR versions prior to 6.23. The exploit creates a deceptive archive where a seemingly harmless file (e.g., JPG, PDF) executes a hidden batch script when opened.
Classification
Working Poc 95%
Target:
WinRAR < 6.23
No auth needed
Prerequisites:
WinRAR version < 6.23 · User interaction to open the malicious archive
nomisec
WORKING POC
by solomon12354 · poc
https://github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC
This repository contains a functional exploit for CVE-2023-38831, which leverages a WinRAR vulnerability to execute arbitrary commands via a crafted archive. It also includes a UAC bypass technique to escalate privileges.
Classification
Working Poc 90%
Target:
WinRAR (versions affected by CVE-2023-38831)
No auth needed
Prerequisites:
Victim interaction to open the crafted RAR file · Windows environment
nomisec
WRITEUP
by FirFirdaus · client-side
https://github.com/FirFirdaus/CVE-2023-38831
This repository provides a detailed technical walkthrough of CVE-2023-38831, a WinRAR vulnerability that allows malicious files to bypass extraction checks. It includes step-by-step exploitation details, code explanations, and demonstration screenshots.
Classification
Writeup 90%
Target:
WinRAR version 6.22 and below
No auth needed
Prerequisites:
Victim interaction to download and extract the malicious RAR file · Network connectivity for reverse shell
nomisec
WORKING POC
by asepsaepdin · client-side
https://github.com/asepsaepdin/CVE-2023-38831
This repository contains a functional Python script that generates a malicious RAR archive exploiting CVE-2023-38831 in WinRAR versions before 6.23. The exploit leverages a directory traversal-like behavior where a ZIP archive contains a benign file and a folder with the same name, allowing arbitrary code execution when the user attempts to view the benign file.
Classification
Working Poc 95%
Target:
WinRAR before 6.23
No auth needed
Prerequisites:
WinRAR version < 6.23 · User interaction to open the malicious archive
metasploit
WORKING POC
EXCELLENT
by Alexander, Hagenah · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/winrar_cve_2023_38831.rb
This Metasploit module exploits CVE-2023-38831 in WinRAR by crafting a malicious RAR archive that executes a payload when the decoy file is opened. It leverages a directory traversal vulnerability to achieve remote code execution.
Classification
Working Poc 100%
Target:
WinRAR (versions prior to 6.23)
No auth needed
Prerequisites:
A decoy file (PDF, JPG, PNG, etc.) · User interaction to open the crafted RAR file