https://www.rchitect.in/categories/windows-privilege-escalation/Recent content in Windows Privilege Escalation on rchitectHugoenWed, 09 Mar 2022 00:00:00 +0000https://www.rchitect.in/posts/juicy-potato/Wed, 09 Mar 2022 00:00:00 +0000https://www.rchitect.in/posts/juicy-potato/<h1 id="exploiting-seimpersonateprivilege-using-juicypotato-for-privilege-escalation"> Exploiting &lsquo;&lsquo;SeImpersonatePrivilege&rsquo; using Juicypotato for privilege escalation <a class="heading-link" href="#exploiting-seimpersonateprivilege-using-juicypotato-for-privilege-escalation"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <p>Lets take a sceanrio we have initail reverse shell or nomral user shell which requires to be elvated as Administrator.Checking the Privilege of cuurent user we have noticed &ldquo;SeImpersonatePrivilege&rdquo; is enabled.</p> <pre tabindex="0"><code>whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ========================================= ======== SeAssignPrimaryTokenPrivilege Replace a process level token Disabled SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled SeShutdownPrivilege Shut down the system Disabled SeAuditPrivilege Generate security audits Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled PS C:\Windows\SysWOW64\inetsrv&gt; </code></pre><p>The below one privilege can be exploited using the [Juicypotato](<a href="https://github.com/ohpe/juicy-potato/releases/tag/v0.1" class="external-link" target="_blank" rel="noopener">Release Fresh potatoes · ohpe/juicy-potato · GitHub</a>) for most of the windows machine</p>