Closed breenmachine closed 8 years ago
Kevin-Robertson
commented
8 years ago Oh cool, yeah I will definitely try to get that added in. Thanks for the heads-up and awesome job with potato. I'm working on some potato inspired bruteforce stuff for Inveigh also. For post-exploitation, the bruteforce method is going to be useful for limited grabbing of HTTP challenge/responses and relay without needing admin access.
breenmachine
commented
8 years ago Awesome, can't wait to see it!
Kevin-Robertson
commented
8 years ago Hey, I added the Windows 10 trigger. I also think I'm now caught up with the features of potato.exe from a parameter standpoint.
I saw the tweets but I didn't explore starting WebClient programmatically yet.
Hey Kevin,
Awesome work, on converting this to PowerShell.
I'm in the process of adding a new trigger to my version for Windows 10. Props to @vvalien1 on Twitter for this one, he used it in his win0day.py code that he dropped just after our talk.
Apparently In Windows 10, schtasks.exe is enabled for regular users and NT AUTHORITY\SYSTEM will check the file path supplied when you schedule a new task. If Potato is running and you submit a task as follows, it will trigger immediately:
schtasks.exe /Create /TN shellz /TR \127.0.0.1\teste /SC ONCE /ST 10:00 /F
You need to make sure that the WebClient service is running first. It can be started by any user just by doing start->run -> \live.sysinternals.com\tools
I'm certain you can do the same programatically but I haven't yet.
Just wanted to let you know, would be awesome to have this in the Powershell version!