Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ioncodes/CVE-2020-16938
Bypassing NTFS permissions to read any files as unprivileged user.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/ioncodes/CVE-2020-16938
- Owner: ioncodes
- Created: 2020-10-21T15:38:22.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-10-21T15:39:00.000Z (about 4 years ago)
- Last Synced: 2024-08-05T17:28:00.057Z (5 months ago)
- Language: C++
- Size: 133 KB
- Stars: 187
- Watchers: 10
- Forks: 40
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - ioncodes/CVE-2020-16938 - Bypassing NTFS permissions to read any files as unprivileged user. (C++)
README
# CVE-2020-16938
`CVE-2020-16938` is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as an unprivileged user. The bug was originally found and reported by my friend [Jonas](https://twitter.com/jonasLyk/status/1316104870987010048). His PoC can be found [here](https://twitter.com/jonasLyk/status/1316104870987010048).
My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip. The PoC can be found in the `poc` folder, which mirrors the [tweet](https://twitter.com/layle_ctf/status/1316108167609188354) I created a while ago.
In short, this exploit allows you to dump the entire disk. The dump itself can be opened using 7zip or any other parser that supports NTFS.
![](/image/poc.png)