
CVE-2023-21746

Published: 10/01/2023 Updated: 27/04/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Windows NTLM Elevation of Privilege Vulnerability


Vulnerable Products

Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1
Microsoft Windows Server 2016
Microsoft Windows 7
Microsoft Windows RT 8.1
Microsoft Windows Server 2012
Microsoft Windows 10
Microsoft Windows Server 2019
Microsoft Windows 10 1809
Microsoft Windows 10 20H2
Microsoft Windows Server 2022
Microsoft Windows 11
Microsoft Windows 10 21H2
Microsoft Windows 11 22H2
Microsoft Windows 10 22H2
Microsoft Windows 11 21H2

Github Repositories

nmap: sudo nmap -n -sS -sV -Pn -p- 192.168.108.124 --min-rate 5000. Web Directory Scan (Gobuster): gobuster dir -u 192.168.108.124:5357 -w /usr/share/wordlists/dirb/common.txt; gobuster vhost -u thetoppers.htb -w /usr/share/wordlists/wfuzz/general/common.txt --append-domain; gobuster dns -d thetoppers.htb -w /usr/share/wordlists/wf

LocalPotato: Another local Windows privilege escalation using a new potato technique ;) The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege. NOTE: The SMB scenario has been fixed by Microsoft in the January 2023 Patch Tuesday with CVE-2023-21746. If you run t

Files to exploit LocalPotato with Command Execution using StorSvc and DLL Hijacking (From TryHackMe)

LocalPotato: All the information to compile and execute these binaries comes from the TryHackMe room for LocalPotato. Compiling the Exploit: To make use of this exploit, you will first need to compile both of the provided files. SprintCSP.dll: This is the missing DLL we are going to hijack. The default code provided with the exploit will run the whoami command and output the resp

LocaLPotato + DLL Hijacking Exploitation Paths. Overview: LocaLPotato is an attack technique exploiting NTLM reflection vulnerabilities to facilitate local authentication attacks. This method enables attackers to read/write files arbitrarily and escalate privileges on a target system. Significant vulnerabilities associated with LocaLPotato include: SMB Scenario: Addressed by Mic

Exploring Local Potato Exploit to Perform Windows Privilege Escalation. Background: The Hot Potato exploit that emerged in 2016 followed several steps. It first deceived the "NT AUTHORITY\SYSTEM" account into authenticating itself via NTLM to a TCP endpoint that the exploit controlled. It then intercepted this authentication attempt (a process known as NTLM relay) to
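The repository descriptions above all describe the same footprint: a privileged local context is coaxed into an NTLM authentication that is reflected back into the same host's SMB server, so the victim records a successful network logon (Windows Security event 4624, LogonType 3) authenticated with NTLM from a loopback source address. The script below is an added example for defenders, not code from LocalPotato, the TryHackMe room or any of the listed repositories: it parses a few constructed 4624-style records (the field names follow the real event schema, the values and the `key=value|...` line format are made up for this example) and flags NTLM network logons whose source is 127.0.0.1 or ::1. Treat hits as triage leads, not proof: some local services legitimately authenticate to themselves over loopback with NTLM, and a record whose IpAddress is "-" (common for local logons) is deliberately not matched.

```python
"""Heuristic detector for local NTLM reflection (LocalPotato-style) logons.

Added example for this page; the events below are constructed, not captured.
"""
from dataclasses import dataclass
import ipaddress


@dataclass
class LogonEvent:
    event_id: int
    logon_type: int
    auth_package: str
    target_user: str
    ip_address: str
    workstation: str


def parse_event(line: str) -> LogonEvent:
    """Parse one record in the constructed 'Key=Value|Key=Value' line format.

    Keys mirror the Windows Security 4624 event data fields.
    """
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return LogonEvent(
        event_id=int(fields["EventID"]),
        logon_type=int(fields["LogonType"]),
        auth_package=fields["AuthenticationPackageName"],
        target_user=fields["TargetUserName"],
        ip_address=fields["IpAddress"],
        workstation=fields["WorkstationName"],
    )


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; '-' and other non-addresses are not matched."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def is_suspicious(ev: LogonEvent) -> bool:
    """Successful network logon (type 3) via NTLM whose source is the host itself.

    That is the shape a reflected local NTLM authentication leaves on the
    victim; remote NTLM logons and Kerberos loopback logons are left alone.
    """
    return (
        ev.event_id == 4624
        and ev.logon_type == 3
        and ev.auth_package.upper() == "NTLM"
        and is_loopback(ev.ip_address)
    )


def scan_events(lines):
    """Return (target_user, ip_address) for every flagged record, in input order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_suspicious(ev):
            hits.append((ev.target_user, ev.ip_address))
    return hits


# Constructed sample records (hostnames, users and addresses are invented).
SAMPLE_EVENTS = [
    "EventID=4624|LogonType=3|AuthenticationPackageName=NTLM|TargetUserName=WIN11-LAB$|IpAddress=127.0.0.1|WorkstationName=WIN11-LAB",
    "EventID=4624|LogonType=3|AuthenticationPackageName=Kerberos|TargetUserName=alice|IpAddress=10.0.0.5|WorkstationName=WS01",
    "EventID=4624|LogonType=3|AuthenticationPackageName=NTLM|TargetUserName=bob|IpAddress=10.0.0.7|WorkstationName=WS02",
    "EventID=4624|LogonType=2|AuthenticationPackageName=NTLM|TargetUserName=alice|IpAddress=-|WorkstationName=WIN11-LAB",
    "EventID=4624|LogonType=3|AuthenticationPackageName=Kerberos|TargetUserName=svc-web|IpAddress=::1|WorkstationName=WIN11-LAB",
    "EventID=4624|LogonType=3|AuthenticationPackageName=NTLM|TargetUserName=WIN11-LAB$|IpAddress=::1|WorkstationName=WIN11-LAB",
    "EventID=4625|LogonType=3|AuthenticationPackageName=NTLM|TargetUserName=svc-web|IpAddress=127.0.0.1|WorkstationName=WIN11-LAB",
]


if __name__ == "__main__":
    for user, ip in scan_events(SAMPLE_EVENTS):
        print(f"suspicious loopback NTLM network logon: user={user} source={ip}")
```

On a real host the same predicate can be applied to `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624}` output by reading the LogonType, AuthenticationPackageName and IpAddress properties from each event's XML; the parser above only exists so the example runs offline.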