What could be the reason for potato exploits not being able to spawn a reverse shell?

OS: Microsoft Windows Server 2022 Standard
Build: 20348
Exploits tried: RoguePotato, SigmaPotato, GodPotato

What doesn't work:

  • Spawning the reverse shell
  • Spawning privileged shell on the system locally

I have done some debugging and found out that when executing the exploit:

  1. The commands are getting executed as SYSTEM
  2. Any command related to establishing a TCP connection doesn't work (e.g. nc64.exe or a self-crafted msfvenom reverse shell .exe), even when it's not a reverse shell (e.g. Invoke-WebRequest -URI)
  3. UDP-related connections work (e.g. I tried to ping myself)

Without the exploit, everything gets executed: nc64.exe, the self-crafted reverse shell, etc. The initial unprivileged shell was obtained through SQLi xp_cmdshell: EXEC xp_cmdshell 'powershell -enc base-64-encoded-reverse-shell'
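The initial foothold described above (xp_cmdshell spawning an encoded PowerShell command) is the part of this chain a defender can catch most reliably. The following is an added example, not code from the question or any answer: it flags that process chain over constructed Sysmon-style process-creation records; the event fields, paths, pids and the encoded payload are all assumed sample values.

```python
import ntpath
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """Simplified Sysmon Event ID 1 fields (assumed shape, not a real log format)."""
    pid: int
    ppid: int
    image: str
    cmdline: str
    user: str

def has_encoded_flag(cmdline: str) -> bool:
    """PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)."""
    for tok in cmdline.split():
        t = tok.lower()
        if t.startswith("-e") and "encodedcommand".startswith(t[1:]):
            return True  # -ep / -exec do not match: they are not prefixes of "encodedcommand"
    return False

def ancestors(ev: ProcEvent, by_pid: dict) -> list:
    """Walk parent links upward; the seen-set guards against pid-reuse loops."""
    chain, seen = [], {ev.pid}
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain

def find_xp_cmdshell_chains(events: list) -> list:
    """Return encoded-PowerShell processes whose ancestry includes sqlservr.exe."""
    by_pid = {e.pid: e for e in events}
    base = lambda e: ntpath.basename(e.image).lower()
    return [
        ev for ev in events
        if base(ev) == "powershell.exe" and has_encoded_flag(ev.cmdline)
        and any(base(a) == "sqlservr.exe" for a in ancestors(ev, by_pid))
    ]

# Constructed sample: the encoded payload decodes to "whoami" (UTF-16LE), not a real command.
SAMPLE_EVENTS = [
    ProcEvent(1200, 600, r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe", "sqlservr.exe", r"NT Service\MSSQLSERVER"),
    ProcEvent(4400, 1200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c powershell -enc dwBoAG8AYQBtAGkA", r"NT Service\MSSQLSERVER"),
    ProcEvent(4412, 4400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell -enc dwBoAG8AYQBtAGkA", r"NT Service\MSSQLSERVER"),
    ProcEvent(5000, 900, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell -ep bypass -File C:\\ops\\backup.ps1", r"CORP\svc_backup"),
]
```

Only the powershell.exe process descended from sqlservr.exe (pid 4412) is reported; the scheduled-task style invocation with -ep is ignored because -ep is not a prefix of -EncodedCommand.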

    Frankly your debugging isn’t enough. There could still be a thousand different problems that could be the issue. Commented Nov 24, 2024 at 19:37
