Impersonating Privileges with Juicy Potato
<p>Windows Privilege Escalation with <em>SeImpersonatePrivilege, and SeAssignPrimaryTokenPrivilege</em></p>
<p><img alt="" src="https://miro.medium.com/v2/resize:fit:700/1*euXYYhgNQUJc0-mPXeUfag.jpeg" style="height:956px; width:700px" /></p>
<p>Photo by <a href="https://unsplash.com/de/@hans_isaacson?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText" rel="noopener ugc nofollow" target="_blank">Hans Isaacson</a> on <a href="https://unsplash.com/photos/ZqSDrFeAbCg?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText" rel="noopener ugc nofollow" target="_blank">Unsplash</a></p>
<p>Today, I am going to talk about a Windows privilege escalation tool called Juicy Potato. In the past, I used it on Hack The box older machines: <strong><em>Bounty, Jeeves, and Conceal </em></strong>to escalate my privileges from a local user to an Administrator. </p>
<p>Juicy Potato is a local privilege escalation tool created by <a href="https://twitter.com/decoder_it" rel="noopener ugc nofollow" target="_blank">Andrea Pierini</a> and Giuseppe Trotta to exploit Windows service accounts’ impersonation privileges.</p>
<p>The tool takes advantage of the <strong><em>SeImpersonatePrivilege </em></strong>or <strong><em>SeAssignPrimaryTokenPrivilege </em></strong>if enabled on the machine to elevate the local privileges to System. Normally, these privileges are assigned to service users, admins, and local systems — high integrity elevated users.</p>
<p><a href="https://medium.com/r3d-buck3t/impersonating-privileges-with-juicy-potato-e5896b20d505"><strong>Visit Now</strong></a></p>