kevin-robertson / tater Goto Github PK

I have tried Tater, and for the first time I run it, it ask for a new windows firewall rule.
And as you know, it require privileges for that.
What do you think?

hello i'm pretty new to this stuff, i don't really know why this gets stucks at Starting NBNS spoofer to resolve WPAD to 127.0.0.1

These are my logs:-

2020-09-26T16:03:05 - Tater (Hot Potato Privilege Escalation) started
Local IP Address = 192.168.91.130
Spoofing Hostname = WPAD
Windows Defender Trigger Enabled
Real Time Console Output Enabled
Run Stop-Tater to stop Tater early
Use Get-Command -Noun Tater* to show available functions
Press any key to stop real time console output

2020-09-26T16:03:06 - Waiting for incoming HTTP connection
2020-09-26T16:03:06 - Flushing DNS resolver cache
2020-09-26T16:03:06 - Starting NBNS spoofer to resolve WPAD to 127.0.0.1

Now that it's out there, any plans on implementing the new rotten potato attack?

Hey Kevin,

Awesome work, on converting this to PowerShell.

I'm in the process of adding a new trigger to my version for Windows 10. Props to @vvalien1 on Twitter for this one, he used it in his win0day.py code that he dropped just after our talk.

Apparently In Windows 10, schtasks.exe is enabled for regular users and NT AUTHORITY\SYSTEM will check the file path supplied when you schedule a new task. If Potato is running and you submit a task as follows, it will trigger immediately:

schtasks.exe /Create /TN shellz /TR \127.0.0.1\teste /SC ONCE /ST 10:00 /F

You need to make sure that the WebClient service is running first. It can be started by any user just by doing start->run -> \live.sysinternals.com\tools

I'm certain you can do the same programatically but I haven't yet.

Just wanted to let you know, would be awesome to have this in the Powershell version!

Greetings!

Ran into my first pentest today where it looks like Potato/Tater should give me privesc. I already had an Empire agent with a Win2k12 box established so I tried running Tater through it. I repeatedly got errors about "Windows Defender not found" which is fine since it's not present, but it also pegs the proc at 100% so I killed it.

I also have RDP access to the Win2k12 box so I ran it manually with Invoke-Tater and the behavior was the same - proc pegged at 100%. FYI, overall this is not an overworked box. It usually idles around 10% for proc and 50% for memory.

I didn't see it explicitly mentioned in the documentation, but should Tater run ok under Server 2012? Potato says it supports 2012, but maybe Tater doesn't?

I can try to run Potato tonight too and see if there is any difference.

Thanks,
Brian