“Potatoes”
See this guide for a complete comparison (and when to use which) of different potato exploits.
Sweet Potato (Windows 7 - Windows 10, < Server 2019)
- Escalate from service to SYSTEM by exploiting SeImpersonate privilege
- GitHub - CCob/SweetPotato: Local Service to SYSTEM privilege escalation from …
JuicyPotato (>= Windows 10 1809, >= Windows Server 2019)
- exploits SeImpersonate privilege on service accounts to escalate to SYSTEM
- a newer version than rotten potato
- Release Fresh potatoes · ohpe/juicy-potato · GitHub
- List of CLSID organized by OS
- JuicyPotato - HackTricks
- ”JuicyPotato doesn’t work on Windows Server 2019 and Windows 10 build 1809 onwards” (HackTricks)
- JuicyPotato alternatives - RoguePotato, PrintSpoofer, SharpEfsPotato - HackTricks
RoguePotato (< Windows 10 1809, < Windows Server 2019)
- same as JuicyPotato but works on new systems
Print Nightmare
- exploits print spooler
- requires SMB
- is included in Sweet Potato