“Potatoes”
See this guide for a complete comparison (and when to use which) of different potato exploits.
God Potato
- Escalate to SYSTEM by abusing DCOM & SeImpersonatePrivilege
- Good for: Windows Server 2012-2022 and Windows 8-11
Sweet Potato
- Automatically attempts to escalate from service to SYSTEM by exploiting SeImpersonate privilege via several exploits such as JuicyPotato, RoguePotato, PrintSpoofer, etc
- GitHub - CCob/SweetPotato: Local Service to SYSTEM privilege escalation from …
JuicyPotato (< Windows 10 1809, < Windows Server 2019)
- exploits SeImpersonate privilege on service accounts to escalate to SYSTEM
- a newer version of rotten potato
- Release Fresh potatoes · ohpe/juicy-potato · GitHub
- List of CLSID organized by OS
- JuicyPotato - HackTricks
- ”JuicyPotato doesn’t work on Windows Server 2019 and Windows 10 build 1809 onwards” (HackTricks)
- JuicyPotato alternatives - RoguePotato, PrintSpoofer, SharpEfsPotato - HackTricks
RoguePotato (>= Windows 10 1809, Windows Server 2019)
- same as JuicyPotato but works on new systems
Print Nightmare
- exploits print spooler
- requires SMB
- is included in Sweet Potato