Skip to content

Bypassing NTFS permissions to read any files as unprivileged user.

Notifications You must be signed in to change notification settings

xtyi/CVE-2020-16938

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2020-16938

CVE-2020-16938 is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user. The bug was originally found and reported by my friend Jonas. His PoC can be found here.

My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip, the PoC can be found in the poc folder which mirrors the tweet I created a while ago.

In short, this exploit allows you to dump the entire disk. The dump in itself can be opened using 7zip or any other parser that supports NTFS.

About

Bypassing NTFS permissions to read any files as unprivileged user.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%