Need help with CVE-2020-16938?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

ioncodes
175 Stars 38 Forks 1 Commits 0 Opened issues

Description

Bypassing NTFS permissions to read any files as unprivileged user.

Services available

!
?

Need anything else?

Contributors list

# 60,155
C++
C
x64
Windows
1 commit

CVE-2020-16938

CVE-2020-16938
is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user. The bug was originally found and reported by my friend Jonas. His PoC can be found here.

My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip, the PoC can be found in the

poc
folder which mirrors the tweet I created a while ago.

In short, this exploit allows you to dump the entire disk. The dump in itself can be opened using 7zip or any other parser that supports NTFS.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.