

There are a lot of different potatoes used to escalate privileges from Windows Service Accounts to NT AUTHORITY\SYSTEM: Hot, Rotten, Lonely, Juicy, Rogue, Sweet and Generic potatoes. But what are the differences? When should I use each one? Do they still work? This post is a summary of each kind of potato, when to use it and how to achieve successful exploitation.

SMB NTLM Relay: relays the WPAD NTLM token to the SMB service to create an elevated process.

Is this vulnerability exploitable right now? Microsoft patched this (MS16-075) by disallowing same-protocol NTLM authentication using a challenge that is already in flight. What this means is that SMB->SMB NTLM relay from one host back to itself will no longer work.

Potato.exe -ip -cmd -disable_exhaust true -disable_defender true

To understand this technique in more depth, the researchers' post and video are recommended.

Download the binary from the repository: Here

If the machine is >= Windows 10 1809 & Windows Server 2019 - Try Rogue Potato
Use Sweet Potato to rule them all - Sweet Potato.
