CVE-2023-38831 - WinRAR Zero-Day Vulnerability manually Exploit
Hi Friends!!!
This is Rahad Chowdhury. I am a cyber security researcher from Bangladesh.
If you face any problem you can watch his video:
In this article, I will discuss WinRAR zero-day exploit and some methods.
What is WinRAR?
WinRAR is a powerful archive manager. It can backup your data, reduce the size of RAR and ZIP file formats, open and unpack RAR, ZIP, and other files received from the Internet, and backup your data. It can also minimize the size of email attachments. WinRAR’s trial version is available for download, so you can sample it before you buy.
CVE-2023–38831:
This is an easy-to-use exploit for CVE-2023–38831, a vulnerability that affects WinRAR versions before 6.23.
An exploitable vulnerability has been identified in RAR Labs WinRAR versions prior to 6.23. This vulnerability enables attackers to execute arbitrary code through a specifically crafted ZIP archive. The vulnerability arises due to the mishandling of ZIP archives containing benign files, such as ordinary PDF documents, alongside folders sharing the same name. When a user attempts to access the benign file, the archive may include a similarly named folder containing executable content. This malicious content within the folder is processed during the attempt to access the benign file, facilitating the execution of arbitrary code. The exploitation of this vulnerability has been documented in real-world incidents occurring from April to August 2023.
How to exploit the vulnerability?
At first, you need to download and install WinRAR on your operating system. Make sure that you have installed WinRAR versions before 6.23.
Then go to your desktop and create a folder where you want to make the exploit.
Now collect any image, copy the image file, and paste it in the folder that you created.
Now go inside the folder. and create a folder again. There, again, move your image file.
Now again, create a folder with the same name as your image. Example. [image name: hacker.png] [Folder name: hacker.png]
Now go inside the folder and create a text file. Now you have to rename your text file the same as the image name, add a blank space, and add an extension name of . cmd example. hacker.png .cmd
After finishing the rename, open or edit this file and insert
@echo off
calc.exe
Now save this file.
N.B.: test.exe is just a pop-up alert file that I created for the tutorial. Hackers can use malicious files here.
Now go back to this folder and add it to the archive folder that you created with the same image file name.
If you want, you can change the archive name and then go to the Files menu.
Now check the Files to add option. Click Append File, select the image file that is collected for exploit, and click OK.
You will see a rar file created. Now open this rar file, and you will see the same name of folder and file.
Now click on the folder name, click rename, and just use a blank space after the extension and click the OK button.
Now double click the image file.
Boom!!!!
You will see the calculator open, which means it is working fine.
Another Method — How do I exploit WinRAR using the terminal?
If you want to use this exploit using the terminal,
Let’s download this exploit for your operating system.
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
Inside the folder, open your terminal and use this command:
python exploit_name.py
Output:
python.cve-2023–38831.py poc
python .\cve-2023–38831.py <BAIT_NAME> <SCRIPT_NAME> <OUTPUT_NAME>
Now create a malicious script using the exploit.
Command:
python cve-2023–38831.py rahadchowdhury.png script.bat exploit.rar
Output:
BAIT_NAME: rahadchowdhury.png
SCRIPT_NAME: script.bat
OUTPUT_NAME: exploit.rar
ok..
That means the malicious file exploit.rar was created successfully.
Now just open the rar file and click image file, and you will see the calculator execute here.
That means exploit is working fine.
Solution:
Use update version of WinRAR