I was able to get a limited shell without using Metasploit but couldn’t escalate privileges without looking at the walkthrough. I have a few questions.
What are the clues that point to using JuicyPotato? I did enumeration but nothing jumped out at me. I searched for “windows server 2016 standard 10” with searchsploit, but the output did not contain anything about JuicyPotato (or RottenPotato).
Is there a way to escalate privileges without using Metasploit?
How does JuicyPotato work on a high level? I looked at a few online resources but I’m still confused.
If it makes anyone feel better, I spent 6+ hours trying to figure out what I was doing wrong, feeling like a dumbass, and it happened to be that I was downloading an empty JuicyPotatoe.exe because my browser was blocking it. CHECK THE FILE SIZE!
hahahaha I’ve been like what the heck man. But I did the same thing! Thanks for posting
Your command looks good to me. That’s very odd! I would assume that shell.bat is in the correct directory as well. The only thing that comes to mind is if there is anyone else doing Shield at the same time as you and using shell.bat as their file name - it might have got overwritten by their details instead, as Starting Point VMs are shared between everyone.
@R4ZZB33RY can you show us the contents of your shell.bat file? Everything else looks fine so I’d suspect something is wrong in that. Either that or you have something blocking the incoming connection on your end (firewall etc). Have you confirmed it works fine if you just run the shell.bat normally from the remote machine rather than trying to run it with js.exe as system?