decoder-it/LocalPotato decoder-it/LocalPotato

  • Stars
    star
    658
  • Rank 68,502 (Top 2 %)
  • Language
    C++
  • License
    MIT License
  • Created almost 2 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
decoder-it/LocalPotato
github

decoder-it

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

LocalPotato

Another Local Windows privilege escalation using a new potato technique ;)

The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.

NOTE: This vulnerability has been fixed by Microsoft in the January 2023 Patch Tuesday with the CVE-2023-21746. If you run this exploit against a patched machine it won't work.

More technical details at --> https://www.localpotato.com/localpotato_html/LocalPotato.html

Usage


         LocalPotato (aka CVE-2023-21746)
         by splinter_code & decoder_it


Mandatory Args:
-i Source file to copy
-o Output file - do not specify the drive letter
Example: localpotato -i c:\hacker\evil.dll -o windows\system32\evil.dll

Optional Args:
-c CLSID (Default {854A20FB-2D44-457D-992F-EF13785D2B51})
-p COM server port (Default 10271)

Demo

image

Authors:

More Repositories

1

psgetsystem

getsystem via parent process using ps1 & embeded c#
PowerShell
372
star
2

ADCSCoercePotato

C++
201
star
3

TokenStealer

C++
157
star
4

powershellveryless

Constrained Language Mode + AMSI bypass all in one
C#
152
star
5

NetworkServiceExploit

POC for NetworkService PrivEsc
C
122
star
6

juicy_2

juicypotato for win10 > 1803 & win server 2019
C
95
star
7

whoami-priv-Hackinparis2019

Slides from my talk in "Hackinparis" 2019 edition
89
star
8

psportfwd

a simple portforwarder in ps1 with embeded c# code
PowerShell
88
star
9

RelabelAbuse

C++
58
star
10

pipeserverimpersonate

named pipe server with impersonation
PowerShell
56
star
11

Hyper-V-admin-EOP

Small POC in powershell exploiting hardlinks during the VM deletion process
PowerShell
44
star
12

Troopers24

42
star
13

whoami-priv

Slides from my talk "whoami /priv" at Romhack 2018
38
star
14

BadBackupOperator

C++
36
star
15

DFSCoerce-exe-2

DFSCoerce exe revisited version with custom authentication
C
34
star
16

diaghub_exploit

Simplified version of Forshaw's Diaghub Collector Exploit
C
30
star
17

bluehatil22

Slides from out talk at BH IL 2022
26
star
18

CreateTokenExample

C++
16
star
19

lonelypotato

Switch to JuicyPotato! https://github.com/decoder-it/juicy-potato
9
star
20

hacktivity2019

Slides from my presentation at Budapest
8
star