Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@ohpe
ohpe authored Aug 10, 2018
1 parent 4ec8537 commit 8a8c9d7
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ We decided to weaponize [RottenPotatoNG][1]: **Say hello to Juicy Potato**.

> For the theory, see [Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM][4] and follow the chain of links and references.
We discovered than, other than `BITS` there are a several COM servers we can abuse. They just need to:
1. be instantiable by the current user, normally a "service user" which has impersonation privileges)
We discovered that, other than `BITS` there are a several COM servers we can abuse. They just need to:
1. be instantiable by the current user, normally a "service user" which has impersonation privileges
2. implement the `IMarshal` interface
3. run as an elevated user (SYSTEM, Administrator, ...)

Expand Down

0 comments on commit 8a8c9d7

Please sign in to comment.