![]() To my knowledge, I think there hasn’t been any public mention about using this particular trick in this context but, of course, I might be wrong. In fact, I’m going to discuss two very well-known techniques that can be combined together in order to achieve privilege escalation from LOCAL SERVICE or NETWORK SERVICE to SYSTEM. If you read this article in the hope of learning a new leet technique, you will be disappointed. Please note that I used the term “new tool” and not “new technique”. ![]() Today, I want to introduce a new tool that will allow pentesters to easily leverage these privileges again. Though, recent changes to the operating system have intentionally or unintentionally reduced the power of these techniques on Windows 10 and Server 2016/2019. Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community.
0 Comments
Leave a Reply. |