WindowsPotatoes

November 20, 2021 ยท View on GitHub

A list of windows potatoes!

Potato NameDescriptionRead More
MultiPotatoAnother Potato to get SYSTEM via SeImpersonate privileges but it doesn't contain any SYSTEM auth triggers, allowing the user to integrate one themselves; it also allows the user to use CreateProcessWithTokenW, CreateProcessWithTokenW, CreateProcessAsUserW, CreateUser and BindShell whereas normally only CreateProcessWithTokenW is available in public exploits.https://github.com/S3cur3Th1sSh1t/MultiPotato
Hot PotatoHot potato is the code name of a Windows privilege escalation technique that was discovered by Stephen Breen. This technique is actually a combination of two known windows issues like NBNS spoofing and NTLM relay with the implementation of a fake WPAD proxy server which is running locally on the target host.https://pentestlab.blog/2017/04/13/hot-potato/
Rotten Potato-https://github.com/breenmachine/RottenPotatoNG
Lonely PotatoRotten Potato but without meterpreter and the incognito modulehttps://decoder.cloud/2017/12/23/the-lonely-potato/
Juicy PotatoRotten Potato but more flexiblehttps://github.com/ohpe/juicy-potato
Rogue Potato-https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/
Ghost PotatoHalloween has come and gone; and yet NTLM reflection is back from the dead to haunt MSRC once again. This post describes a deceptively simple bug that has existed in Windows for 15 years.https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
Remote PotatoThe remote potato is a technique which was discovered by Antonio Cocomazzi and Andrea Pierini which could allow threat actors to elevate their privileges from Domain user to Enterprise Administrator. This technique is performing a cross-protocol relay to implement the NTLM reflection attack and relays the elevated NTLM authentication to the domain controller to achieve privilege escalation. According to the article which describes the technical details this attack is feasible when various conditions are in place:https://pentestlab.blog/2021/05/04/remote-potato-from-domain-user-to-enterprise-admin/
Candy PotatoPure C++; weaponized; fully automated implementation of RottenPotatoNGhttps://github.com/klezVirus/CandyPotato

Read more about potatoes