Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → ioncodes → Cve 2020 16938

ioncodes / Cve 2020 16938

Bypassing NTFS permissions to read any files as unprivileged user.

CVE-2020-16938

CVE-2020-16938 is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user. The bug was originally found and reported by my friend Jonas. His PoC can be found here.

My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip, the PoC can be found in the poc folder which mirrors the tweet I created a while ago.

In short, this exploit allows you to dump the entire disk. The dump in itself can be opened using 7zip or any other parser that supports NTFS.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 169

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗