Impersonation Attacks
In the name
What are tokens
Temporary keys that allow you to access a system/network without having to provide credentials each time you access a file. Think of them as cookies for computers.
Token types
Delegate
Created for logging into a machine or using remote desktop
Impersonate
Created for "non-interactive" sessions, such as attaching a network drive or running a domain logon script
These privileges are pretty sus:
SeBackup
SeImpersonatePrivilege
SeChangeNotify
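To audit an account for the privileges listed above, the sketch below parses `whoami /priv /fo csv` output and reports which of them the token holds. It is an added example, not part of the original notes; the sample output is constructed, the English column headers are assumed, and the two abbreviated names are expanded to their full Windows constants.

```python
import csv
import io

# Privileges the notes above call out; the page abbreviates two of them,
# so the full Windows constant names are used here.
FLAGGED = {"SeBackupPrivilege", "SeImpersonatePrivilege", "SeChangeNotifyPrivilege"}

# Constructed sample of `whoami /priv /fo csv` output for a service account.
SAMPLE = '''"Privilege Name","Description","State"
"SeAssignPrimaryTokenPrivilege","Replace a process level token","Disabled"
"SeIncreaseQuotaPrivilege","Adjust memory quotas for a process","Disabled"
"SeBackupPrivilege","Back up files and directories","Disabled"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
"SeImpersonatePrivilege","Impersonate a client after authentication","Enabled"
"SeCreateGlobalPrivilege","Create global objects","Enabled"
'''

def flagged_privileges(whoami_csv, watchlist=FLAGGED):
    """Return {privilege: state} for watchlisted privileges in the token."""
    reader = csv.DictReader(io.StringIO(whoami_csv.strip()))
    found = {}
    for row in reader:
        name = (row.get("Privilege Name") or "").strip()
        if name in watchlist:
            # A "Disabled" privilege is still held by the token and can be
            # enabled by the process, so report it either way.
            found[name] = (row.get("State") or "").strip()
    return found

def report(whoami_csv):
    """Return one human-readable line per flagged privilege, sorted by name."""
    lines = []
    for name, state in sorted(flagged_privileges(whoami_csv).items()):
        lines.append(f"{name}: held ({state})")
    return lines

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```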
The first thing to attempt is GodPotato, since it's the easiest
Rotten Potato - https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
When using Juicy Potato, be aware that you will need to find a valid CLSID. Here is a list that can be used; to use it, find the section for the OS that you have and, I guess, just start trying. A PowerShell script can also be used.
A good tip that a friend gave me (shoutout @acaard) was to always use the bottom choice of the list. ALWAYS.
Juicy Potato - https://github.com/ohpe/juicy-potato
