bugch3ck/SharpEfsPotato

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/bugch3ck/SharpEfsPotato)

bugch3ck / SharpEfsPotato

Local privilege escalation from SeImpersonatePrivilege using EfsRpc.

☆338

Alternatives and similar repositories for SharpEfsPotato

Users that are interested in SharpEfsPotato are comparing it to the libraries listed below

Sorting:

zcgonvh / DCOMPotato
View on GitHub
Some Service DCOM Object and SeImpersonatePrivilege abuse.
☆372Dec 9, 2022Updated 3 years ago
crisprss / RasmanPotato
View on GitHub
Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
☆402Feb 6, 2023Updated 3 years ago
Dec0ne / ShadowSpray
View on GitHub
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…
☆483Oct 14, 2022Updated 3 years ago
antonioCoco / JuicyPotatoNG
View on GitHub
Another Windows Local Privilege Escalation from Service Account to System
☆945Nov 12, 2022Updated 3 years ago
zcgonvh / EfsPotato
View on GitHub
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
☆819Dec 14, 2023Updated 2 years ago
decoder-it / LocalPotato
View on GitHub
☆706Nov 7, 2023Updated 2 years ago
BeichenDream / GodPotato
View on GitHub
☆2,205Nov 24, 2023Updated 2 years ago
zblurx / certsync
View on GitHub
Dump NTDS with golden certificates and UnPAC the hash
☆647Mar 20, 2024Updated 2 years ago
BeichenDream / PrintNotifyPotato
View on GitHub
PrintNotifyPotato
☆539Dec 2, 2022Updated 3 years ago
mpgn / BackupOperatorToDA
View on GitHub
From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
☆440Jan 4, 2025Updated last year
wh0amitz / KRBUACBypass
View on GitHub
UAC Bypass By Abusing Kerberos Tickets
☆507Aug 10, 2023Updated 2 years ago
wh0amitz / S4UTomato
View on GitHub
Escalate Service Account To LocalSystem via Kerberos
☆403Sep 14, 2023Updated 2 years ago
Dec0ne / DavRelayUp
View on GitHub
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
☆568Jun 5, 2023Updated 2 years ago
decoder-it / ADCSCoercePotato
View on GitHub
☆244May 5, 2024Updated last year
JamesCooteUK / SharpSphere
View on GitHub
.NET Project for Attacking vCenter
☆553Nov 11, 2021Updated 4 years ago
mdsecactivebreach / DragonCastle
View on GitHub
A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
☆301Oct 26, 2022Updated 3 years ago
Dec0ne / KrbRelayUp
View on GitHub
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…
☆1,634Aug 6, 2022Updated 3 years ago
S3cur3Th1sSh1t / SharpNamedPipePTH
View on GitHub
Pass the Hash to a named pipe for token Impersonation
☆311Nov 29, 2023Updated 2 years ago
antonioCoco / RoguePotato
View on GitHub
Another Windows Local Privilege Escalation from Service Account to System
☆1,161Jan 9, 2021Updated 5 years ago
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆715Mar 4, 2023Updated 3 years ago
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,812Sep 4, 2024Updated last year
CodeXTF2 / ScreenshotBOF
View on GitHub
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…
☆493Dec 7, 2025Updated 3 months ago
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆938May 29, 2022Updated 3 years ago
m3rcer / Chisel-Strike
View on GitHub
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
☆458Mar 25, 2024Updated last year
cube0x0 / LdapSignCheck
View on GitHub
Beacon Object File & C# project to check LDAP signing
☆199Aug 7, 2024Updated last year
ly4k / PassTheChallenge
View on GitHub
Recovering NTLM hashes from Credential Guard
☆377Dec 26, 2022Updated 3 years ago
XiaoliChan / wmiexec-Pro
View on GitHub
New generation of wmiexec.py
☆1,269Jan 5, 2026Updated 2 months ago
Prepouce / CoercedPotato
View on GitHub
A Windows potato to privesc
☆391Aug 26, 2024Updated last year
frkngksl / NimExec
View on GitHub
Fileless Command Execution for Lateral Movement in Nim
☆389Dec 12, 2023Updated 2 years ago
med0x2e / NTLMRelay2Self
View on GitHub
An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
☆418Jan 27, 2024Updated 2 years ago
wh0amitz / BypassCredGuard
View on GitHub
Credential Guard Bypass Via Patching Wdigest Memory
☆335Feb 3, 2023Updated 3 years ago
Mr-Un1k0d3r / AMSI-ETW-Patch
View on GitHub
Patch AMSI and ETW
☆250May 8, 2024Updated last year
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆286Jun 8, 2023Updated 2 years ago
BeichenDream / SharpToken
View on GitHub
Windows Token Stealing Expert
☆486Nov 24, 2023Updated 2 years ago
outflanknl / C2-Tool-Collection
View on GitHub
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
☆1,374Oct 27, 2023Updated 2 years ago
b4rtik / SharpKatz
View on GitHub
Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
☆1,013Nov 7, 2021Updated 4 years ago
gabriellandau / PPLFault
View on GitHub
☆564Feb 22, 2024Updated 2 years ago
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆574Jan 20, 2026Updated 2 months ago
ShutdownRepo / ShadowCoerce
View on GitHub
MS-FSRVP coercion abuse PoC
☆302Dec 30, 2021Updated 4 years ago