WinRAR Extension Spoof By Moneyarea4all
Hey guys,
Today I am going to briefly show you a neat little exploit that is available in WinRAR, version 4.20. You may or may not of heard of it, but it involves editing WinRAR's 'second' filename.
Today I am going to briefly show you a neat little exploit that is available in WinRAR, version 4.20. You may or may not of heard of it, but it involves editing WinRAR's 'second' filename.
Method:
- Okay, so first things first you need a payload/file you wish to spoof. For sake of demonstration I have placed this in an empty folder. As you can see, under type, it is labelled as an application. It has the .exe extension.
![[Image: 0u34Tb7.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vK3_3XAxTXv4L3UmwNfSWFNSDFAvHMaibHKnv3nRTKwMnzCTBUqMvYBdnAUj4-7nXBGDhh6InQXX_fPfxfgZz5fg=s0-d)
- Proceed to right click the file, and providing you have WinRAR 4.20 installed, click 'add to archive'.
![[Image: OHAJvdL.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sWZtOsPGXJD57NlqaC0wpJ4_n_bGggVhmq8sDIZTwkO_5SY5rnVm-VaG2NW4OdW2UKzQzw2ds3HKymyii_YsgS=s0-d)
- Choose to pack the file into a .zip archive.
![[Image: hkrVqVf.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vrGcrPDR7MGmXjyH3BD6No7YET7_uYXxs7Gcb0tlkxzGum4bSSab35yqVTSgcf6Vf6MpETEqSF9_NdmLHFgaGy=s0-d)
- Open your hex editor, and open the .zip file you have just created.
![[Image: pVY7vlI.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tz_yTDlNzHLnXAJCoWXLrT28Wr2bwMe2HZLSDoNyK_RQkPmp5Cw1Je51bwzw1qVGMtIeMhwIOJSVrgpMYcNdcfmg=s0-d)
- Scroll down, on the far right column and just above the very bottom line will be the file name and extension.
![[Image: EuzvGer.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tHg6pl-rxPyO4NJIgmBLLGz4f0HVRS55FpBz2ZZvb4Pk7Go1dwF1itdL6HOpm2515MRY9Da1WODBpT7tz96buLEA=s0-d)
- Change the extension to the one you desire.
![[Image: UrCM3fN.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tffaMtOPVC1QgFlQvcD6FmpTIPRwgklI1LU6HMWhoBbX39v0ak5CLluN6O7ehH4GyVpB7D8qQtL7m9rcDQpmhrRA=s0-d)
- Save, and check out your .zip file!
![[Image: ewV9fI4.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vDl6PbpGUONRdxUt8HamlpfxXAmz7ALbusytuGNsowPKfS24vkQVXaCqAHfbYfnSUP2mOS_lgB3-jpPHV44DzLXQ=s0-d)
So now you have a successfully spoofed file! While this does not fool most AV's, it is good in aiding SE'ing someone into opening a file - lots can be done with this method to say the least, even if a little outdated.