juicy potato: Local Privilege Escalation tool

Juicy Potato (abusing the golden privileges)

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM

JuicyPotato allows you to:

  • Target CLSID
    pick any CLSID you want. Here you can find the list organized by OS.
  • COM Listening port
    define COM listening port you prefer (instead of the marshalled hardcoded 6666)
  • COM Listening IP address
    bind the server on any IP
  • Process creation mode
    depending on the impersonated user’s privileges you can choose from:
    • CreateProcessWithToken (needs SeImpersonate)
    • CreateProcessAsUser (needs SeAssignPrimaryToken)
    • both
  • Process to launch
    launch an executable or script if the exploitation succeeds
  • Process Argument
    customize the launched process arguments
  • RPC Server address
    for a stealthy approach, you can authenticate to an external RPC server
  • RPC Server port
    useful if you want to authenticate to an external server and firewall is blocking port 135
  • TEST mode
    mainly for testing purposes, i.e. testing CLSIDs. It creates the DCOM and prints the user of the token. See here for testing

Download

Copyright (C) 2018 ohpe 

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services