Hey guys,
Today I am going to briefly show you a neat little exploit that is available in WinRAR, version 4.20. You may or may not of heard of it, but it involves editing WinRAR's 'second' filename.
Today I am going to briefly show you a neat little exploit that is available in WinRAR, version 4.20. You may or may not of heard of it, but it involves editing WinRAR's 'second' filename.
Method:
- Okay, so first things first you need a payload/file you wish to spoof. For sake of demonstration I have placed this in an empty folder. As you can see, under type, it is labelled as an application. It has the .exe extension.
![[Image: 0u34Tb7.png]](http://i.imgur.com/0u34Tb7.png)
- Proceed to right click the file, and providing you have WinRAR 4.20 installed, click 'add to archive'.
![[Image: OHAJvdL.png]](http://i.imgur.com/OHAJvdL.png)
- Choose to pack the file into a .zip archive.
![[Image: hkrVqVf.png]](http://i.imgur.com/hkrVqVf.png)
- Open your hex editor, and open the .zip file you have just created.
![[Image: pVY7vlI.png]](http://i.imgur.com/pVY7vlI.png)
- Scroll down, on the far right column and just above the very bottom line will be the file name and extension.
![[Image: EuzvGer.png]](http://i.imgur.com/EuzvGer.png)
- Change the extension to the one you desire.
![[Image: UrCM3fN.png]](http://i.imgur.com/UrCM3fN.png)
- Save, and check out your .zip file!
![[Image: ewV9fI4.png]](http://i.imgur.com/ewV9fI4.png)
So now you have a successfully spoofed file! While this does not fool most AV's, it is good in aiding SE'ing someone into opening a file - lots can be done with this method to say the least, even if a little outdated.
0 comments:
Post a Comment
!!!THANK YOU VISITING OUR BLOG!!!