https://github.com/BeichenDream/GodPotato
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege" permission. Then you are "NT AUTHORITY\SYSTEM", usually WEB services and database services have "ImpersonatePrivilege" permissions.
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege" permission. Then you are "NT AUTHORITY\SYSTEM", usually WEB services and database services have "ImpersonatePrivilege" permissions.
GitHub
GitHub - BeichenDream/GodPotato
Contribute to BeichenDream/GodPotato development by creating an account on GitHub.
runascs new version with remote impersonation
https://github.com/antonioCoco/RunasCs/releases/tag/v1.5
https://github.com/antonioCoco/RunasCs/releases/tag/v1.5
GitHub
Release RunasCs version 1.5 · antonioCoco/RunasCs
Added
Added flag --remote-impersonation that will spawn the new process with the main thread impersonating the requested user logon. This can facilitate some IL escape scenarios, e.g. elevation fr...
Added flag --remote-impersonation that will spawn the new process with the main thread impersonating the requested user logon. This can facilitate some IL escape scenarios, e.g. elevation fr...
Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows
https://github.com/86x/CVE-2023-32353-PoC
https://github.com/86x/CVE-2023-32353-PoC
GitHub
GitHub - 86x/CVE-2023-32353-PoC: Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows
Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows - 86x/CVE-2023-32353-PoC
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
https://github.com/g3tsyst3m/elevationstation
https://github.com/g3tsyst3m/elevationstation
GitHub
GitHub - g3tsyst3m/elevationstation: elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative - g3tsyst3m/elevationstation
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent:
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Developer mode in ChatGPT cannot generate shellcode, but it is useful for generating penetration test noscripts such as brute force and more.
https://mega.nz/file/ykklhKLB#vA4AEtiIIQTerf2tfydza20a-yGwLD-S855n0pBHCTM
https://mega.nz/file/ykklhKLB#vA4AEtiIIQTerf2tfydza20a-yGwLD-S855n0pBHCTM
mega.nz
4.3 KB file on MEGA